Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

From: (no name) (no email)
Date: Mon Jun 04 2007 - 16:24:50 EDT

Next message: Larry Smith: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"

Previous message: Colm MacCarthaigh: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Maybe in reply to: Jim Shankland: "Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Next in thread: Daniel Senie: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said:

> I can't pass over Valdis's statement that a "good properly configured
> stateful firewall should be doing [this] already" without noting
> that on today's Internet, the gap between "should" and "is" is
> often large.

Let's not forget all the NAT boxes out there that are *perfectly* willing
to let a system make an *outbound* connection. So the user makes a first
outbound connection to visit a web page, gets exploited, and the exploit
then phones home to download more malware.

Yeah, that NAT *should* be providing security, but as you point out, there's
that big gap between should and is... :)

application/pgp-signature attachment: stored

Next message: Larry Smith: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"

Previous message: Colm MacCarthaigh: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Maybe in reply to: Jim Shankland: "Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Next in thread: Daniel Senie: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs