nanog mailing list archives
RE: Where NAT disenfranchises the end-user ...
From: Roeland Meyer <rmeyer () mhsc com>
Date: Mon, 10 Sep 2001 02:46:56 -0700
|> From: Jared Mauch [mailto:jared () puck Nether net] |> Sent: Sunday, September 09, 2001 2:49 PM |> Let me reprhase my inital statement, "In most cases i've seen |> where someone is using NAT it's part of a security policy and not due |> to lack of available address space". Jared, those whom depend on an accident, for security, deserve what happens when the accident undoes itself. I was just over on www.netcraft.com, checking out their stats for the CodeRed worm. I was amazed at how fast IIS admins responded by applying the patches. If NAT were suddenly "fixed", any incidental security is toast. NAT was never designed for, and was never intended as, a security method. Any current protection is strictly the result of a side-effect. The side-effect that breaks the internet connection. It's a result of the connection being broken. A properly built firewall is much more effective and definitely more deterministic. Neither is it vulnerable to a "fix patch".
Current thread:
- RE: Where NAT disenfranchises the end-user ..., (continued)
- RE: Where NAT disenfranchises the end-user ... woody weaver (Sep 09)
- Re: Where NAT disenfranchises the end-user ... Adam McKenna (Sep 09)
- Re: Where NAT disenfranchises the end-user ... Marc Slemko (Sep 09)
- RE: Where NAT disenfranchises the end-user ... Mike Batchelor (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Joel Baker (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Valdis . Kletnieks (Sep 09)
- Re: Where NAT disenfranchises the end-user ... Adam McKenna (Sep 09)
- RE: Where NAT disenfranchises the end-user ... woody weaver (Sep 09)
- RE: Where NAT disenfranchises the end-user ... Daniel Senie (Sep 09)
- RE: Where NAT disenfranchises the end-user ... Roeland Meyer (Sep 10)
- RE: Where NAT disenfranchises the end-user ... Andy Dills (Sep 10)
- Re: Where NAT disenfranchises the end-user ... bmanning (Sep 10)
- RE: Where NAT disenfranchises the end-user ... Andy Dills (Sep 10)
- RE: Where NAT disenfranchises the end-user ... Roeland Meyer (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Scott Gifford (Sep 10)
- Re[2]: Where NAT disenfranchises the end-user ... Richard Welty (Sep 10)
- Re[2]: Where NAT disenfranchises the end-user ... RJ Atkinson (Sep 10)
- Re[3]: Where NAT disenfranchises the end-user ... Richard Welty (Sep 10)
- Re: Re[3]: Where NAT disenfranchises the end-user ... Alex Bligh (Sep 10)
- Re: Re[3]: Where NAT disenfranchises the end-user ... Valdis . Kletnieks (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Scott Gifford (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Eric A. Hall (Sep 10)
- RE: Where NAT disenfranchises the end-user ... Greg Maxwell (Sep 10)
- Re: Where NAT disenfranchises the end-user ... Scott Gifford (Sep 10)