Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

• Previous message: Edward B. DREGER: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Maybe in reply to: Jim Shankland: "Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Next in thread: Nicholas Suan: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sure, NAT can't prevent users from running with scissors, but sometimes it
does block the scissors thrown at the back of their neck whilst they are
sleeping :)

On 6/4/07, <> wrote:
>
> On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said:
>
> > I can't pass over Valdis's statement that a "good properly configured
> > stateful firewall should be doing [this] already" without noting
> > that on today's Internet, the gap between "should" and "is" is
> > often large.
>
> Let's not forget all the NAT boxes out there that are *perfectly* willing
> to let a system make an *outbound* connection. So the user makes a first
> outbound connection to visit a web page, gets exploited, and the exploit
> then phones home to download more malware.
>
> Yeah, that NAT *should* be providing security, but as you point out,
> there's
> that big gap between should and is... :)
>
>

• Previous message: Edward B. DREGER: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Maybe in reply to: Jim Shankland: "Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Next in thread: Nicholas Suan: "Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]