Firewall Wizards mailing list archives
Re: Stats on how common NAT is?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 15 Dec 2002 09:32:13 -0500 (EST)
On Sun, 15 Dec 2002, Michael Still wrote:
Hello. I work as a software developer, and there has been some discussion at work as to how common NAT is in corporate environments (this affects whether we use DCOM or not).
It's very pervasive. I can't think of any sites I've been to in the last year that haven't been using RFC1918 addresses. Of course, it's possible to use proxies and not NAT the 1918 addresses, but I think everywhere I've been where that was the plan, some exception has forced NAT into the equation at some point in the network.
Does anyone have any pointers on how common NAT in corporate environments is? Why are these people using NAT, is it solely the expense of real IPs, or is it also for the added security?
These days, IP space is tied to a provider, and address space management is a pain if you don't have a large address space. Therefore, it makes sense from an address space management perspective to NAT the traffic. There really isn't any additional security from a conservatively configured network with routable public addresses and one with RFC1918 addresses[1]. Anyway, I don't have any good statistics, but my gut is that it's much better than the 85th percentile these days. Paul [1] My previous employer had 2 pre-CIDR Class B address spaces, as well as a portable /23 and we used legitimate addresses internally, but you still weren't going to route traffic from the Internet to a device that wasn't specifically permitted to do so. The provider routing the address space to the DMZ doesn't obligate the DMZ to route the entire address space internally, for instance. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Stats on how common NAT is? Michael Still (Dec 14)
- RE: Stats on how common NAT is? Bill Royds (Dec 14)
- Re: Stats on how common NAT is? R. DuFresne (Dec 15)
- Re: Stats on how common NAT is? CTA (Dec 15)
- Re: Stats on how common NAT is? Paul D. Robertson (Dec 15)
- Re: Stats on how common NAT is? Mikael Olsson (Dec 15)
- Re: Stats on how common NAT is? Daniel Linder (Dec 16)
- Re: Stats on how common NAT is? Michael Still (Dec 17)
- <Possible follow-ups>
- Re: Stats on how common NAT is? CTA (Dec 15)