nanog mailing list archives
Re: IPv6 NAT
From: Joe Abley <jabley () isc org>
Date: Fri, 31 Oct 2003 11:58:28 -0500
On 31 Oct 2003, at 11:43, Patrick W. Gilmore wrote:
There is NO security benefit to NAT/PAT/NAPT.Disagree.None of the scanning / infecting viruses could get past a $50 NAT/PAT device which Joe User brings home and turns on without configuring.
It's not the NAT that those boxes are doing which protected Joe User (no relation). It's the firewall function of those boxes -- the function which stops certain traffic being permitted through the front door -- which stopped the viruses outside the front door infecting the windows box in the dining room.
The $50 NAT device performs the firewall function as well as the NAT function.
A $50 device which just provided the firewall function would protect Joe User just as well from viruses.
The NAT function is required because Joe User requires multiple addresses, but his ISP will only give him one. That's orthogonal to the firewall function.
Let's move on. Joe
Current thread:
- Re: IPv6 NAT Michael . Dillon (Oct 30)
- Re: IPv6 NAT Owen DeLong (Oct 30)
- Re: IPv6 NAT Stephen Sprunk (Oct 30)
- Re: IPv6 NAT Scott McGrath (Oct 31)
- RE: IPv6 NAT Tony Hain (Oct 31)
- Re: IPv6 NAT Scott McGrath (Oct 31)
- <Possible follow-ups>
- RE: IPv6 NAT Kuhtz, Christian (Oct 30)
- RE: IPv6 NAT Tony Hain (Oct 30)
- Re: IPv6 NAT Stephen Sprunk (Oct 31)
- Re: IPv6 NAT Owen DeLong (Oct 31)
- Re: IPv6 NAT Patrick W. Gilmore (Oct 31)
- Re: IPv6 NAT Joe Abley (Oct 31)
- Re: IPv6 NAT Eliot Lear (Oct 31)
- Re: IPv6 NAT Owen DeLong (Oct 31)
- Re: IPv6 NAT Paul Timmins (Oct 31)
- RE: IPv6 NAT Tony Hain (Oct 30)