Full Disclosure mailing list archives

RE: Microsoft urging users to buy Harware Firewalls


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 13 Aug 2003 22:59:55 -0400

Context is important.  We are talking about home computers here.  IPSEC
and multiple servers aren't very relevant to most home computer users.
If someone has more than one computer on a home network, they probably
already have a NAT box to share the network connection.  The suggestion
here is that folks who are running only one computer should also get
a NAT box if they are connecting to the Internet via a cablemodem or DSL
connection.  NAT boxes have this nice characteristic that they act as a
firewall.

Richard

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Wednesday, August 13, 2003 10:18 PM
To: Richard M. Smith
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Microsoft urging users to buy Harware
Firewalls 


On Wed, 13 Aug 2003 20:04:47 EDT, "Richard M. Smith"
<rms () computerbytesman com>  said:

Windows directory from being accessed from the Internet.  My only
question is why aren't NAT routers built into all cable and DSL
modems.

Because NAT is *not* a be-all and end-all.  NAT *does* break things.

You can't easily do IPSec through a NAT (meaning you need to do some
tap-dancing if you want to VPN from one).

NAT breaks a lot of end-to-end stuff - for instance, if you have a NAT,
it's *REALLY* hard to have 2 different machines running servers on the
same port.

http://www.ietf.org/rfc/rfc3027.txt?number=3027 for all the gory details

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
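
The two properties discussed in this thread (a NAT box dropping unsolicited inbound traffic, and two inside servers being unable to share one public port) can be seen in a simplified NAPT translation table. This is an added example, not part of either message; the `Napt` class, its method names and every address are constructed for illustration, and real devices differ in how strictly they filter inbound packets.

```python
# Simplified NAPT model (added illustration; all addresses are constructed
# from private and documentation ranges).

class Napt:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}   # public port -> (inside endpoint, remote endpoint)
        self.forwards = {}  # public port -> inside endpoint (static rules)

    def outbound(self, inside, remote):
        """An inside host opens a connection: allocate a public port for it."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (inside, remote)
        return (self.public_ip, port)

    def forward(self, public_port, inside):
        """Static port forward so that an inside server becomes reachable."""
        if public_port in self.forwards:
            raise ValueError(f"public port {public_port} already forwarded")
        self.forwards[public_port] = inside

    def inbound(self, remote, public_port):
        """Return the inside endpoint for an arriving packet, or None if dropped."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        entry = self.dynamic.get(public_port)
        if entry and entry[1] == remote:   # reply from the peer we contacted
            return entry[0]
        return None                        # unsolicited: no state, so dropped


def demo():
    nat = Napt("203.0.113.10")
    client, web = ("192.168.1.2", 50123), ("198.51.100.7", 80)
    stranger = ("198.51.100.99", 31337)
    results = {"probe": nat.inbound(stranger, 80)}       # nothing mapped yet
    _, pub_port = nat.outbound(client, web)              # creates state
    results["reply"] = nat.inbound(web, pub_port)        # matches the state
    results["other_peer"] = nat.inbound(stranger, pub_port)
    nat.forward(80, ("192.168.1.2", 80))                 # first inside server
    results["forwarded"] = nat.inbound(stranger, 80)
    try:
        nat.forward(80, ("192.168.1.3", 80))             # second server, same port
        results["second_forward"] = "ok"
    except ValueError:
        results["second_forward"] = "conflict"
    return results
```
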

