Security gain from NAT (was: Re: Cool IPv6 Stuff)

From: Jim Shankland (no email)
Date: Mon Jun 04 2007 - 14:32:39 EDT


    Owen DeLong writes:
    > There's no security gain from not having real IPs on machines.
    > Any belief that there is results from a lack of understanding.

    This is one of those assertions that gets repeated so often people
    are liable to start believing it's true :-).

    *No* security gain? No protection against port scans from Bucharest?
    No protection for a machine that is used in practice only on the
    local, office LAN? Or to access a single, corporate Web site?

    Shall I do the experiment again where I set up a Linux box
    at an RFC1918 address, behind a NAT device, publish the root
    password of the Linux box and its RFC1918 address, and invite
    all comers to prove me wrong by showing evidence that they've
    successfully logged into the Linux box? When I last did this,
    I got a handful of emails, some quite snide, suggesting I was
    some combination of ignorant, stupid, and reckless; the Linux
    box for some reason remained unmolested.

    Jim Shankland

