nanog mailing list archives
Re: Block all servers?
From: "Adam Selene" <nospam () vguild com>
Date: Sat, 11 Oct 2003 09:25:44 -0600
Unfortuantely there are enough protocols and applications which don't work well behind a NAT that deploying this on a large scale is not practical.
It already is deployed upon a large scale. When I had @Home in Seattle (one of the first subscribers), I had a 10.x address. Here in Costa Rica, broadband (cable modem) connections for the entire country are behind NAT.
Also what about folks who need to VPN in to their office (either via PPTP or IPSEC)? How would you take care of that situation?
I use IPSEC and it works fine behind NAT.
Unfortunately something like this would make the PC close to useless which is not the intent of the software provider. Thus you see everything open, security be damned.
No. You default open the common and popular internet ports for outbound, and 90% of users never use anything else.
As for plug-in "workgroup" networking (the main reason why everything is open by default), when you create a Workgroup, it should require a key for that workgroup and enable shared-key IPSEC.And joe user will understand this because.....
That's the point, he doesn't have to. A "workgroup" becomes a name + a key/phassphrase instead of just a name. What that accomplishes is completely hidden. Adam
Current thread:
- Block all servers? Michael . Dillon (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 10)
- Message not available
- RE: Block all servers? Eric Kuhnke (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 10)
- Re: Block all servers? Adam Selene (Oct 10)
- Re: Block all servers? ken emery (Oct 10)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? ken emery (Oct 11)
- Re: Block all servers? Stefan Mink (Oct 14)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Stefan Mink (Oct 14)
- Re: Block all servers? Kee Hinckley (Oct 14)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Steven M. Bellovin (Oct 14)
- RE: Block all servers? Eric Kuhnke (Oct 10)
- Re: Block all servers? Alex Yuriev (Oct 11)
- Re: Block all servers? Steven M. Bellovin (Oct 11)
- Re: Block all servers? ken emery (Oct 11)