nanog mailing list archives
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Tue, 5 Jun 2007 09:51:08 +1000
On Mon, Jun 04, 2007 at 03:31:00PM -0500, Larry Smith wrote:
On Monday 04 June 2007 13:54, Valdis.Kletnieks () vt edu wrote:On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said:*No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single, corporate Web site?Nope. Zip. Zero. Ziltch. Nothing over and above what a good properly configured stateful *non*-NAT firewall should be doing for you already.Cool, then I need four of these firewalls, and two Class-C (512) worth of IP space that works behind my current ISP at no more than $39.95 each (my basic price for a Dlink, Netgear, etc cable/dsl router with NAT) with no additional cost to my monthly internet - and I will start switching over networks... Yes, I am joking, but the point being that _currently_ NAT serves a purpose;
Yes, it does -- conservation of address space (and routing table entries, possibly). However, a quick glance at the subject line and the material you quoted should suggest that we're talking about a different topic. - Matt -- I was punching a text message into my phone yesterday and thought, "they need to make a phone that you can just talk into." -- Major Thomb
Current thread:
- Security gain from NAT (was: Re: Cool IPv6 Stuff), (continued)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Daniel Senie (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Richard P. Welty (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Dave Israel (Jun 04)
- Re: Security gain from NAT Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Fred Baker (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Larry Smith (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Lamar Owen (Jun 04)
- Enterprise IPv6 (Was: Cool IPv6 Stuff/Security gain from NAT) Nathan Ward (Jun 04)