Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

Valdis.Kletnieks at vt.edu
Fri Jan 18 19:44:43 UTC 2013


On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:

> Then it's a firewall that mildly enhances protection by obstructing
> 90% of the port scanning attacks which happen against your computer.
> It's a free country so you're welcome to believe that the presence or
> absence of NAT has no impact on the probability of a given machine
> being compromised. Of course, you're also welcome to join the flat
> earth society. As for me, the causative relationship between the rise
> of the "DSL router" implementing negligible security except NAT and
> the fall of port scanning as a credible attack vector seems blatant
> enough.

Oddly enough, the drop in portscanning attacks maps even more closely
to the shipping of XP SP2, which turned on the onboard firewall by
default.  Remember that some of the really big worm hits were when
they managed to get loose inside corporate networks behind the NAT...

Also, a NAT doesn't stop a Java or Adobe exploit in the least, as anybody
with security clue will tell you....
