North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Where NAT disenfranchises the end-user ...

  • From: Roeland Meyer
  • Date: Mon Sep 10 05:47:11 2001

|> From: Jared Mauch [mailto:[email protected]]
|> Sent: Sunday, September 09, 2001 2:49 PM

|> 	Let me reprhase my inital statement, "In most cases i've seen
|> where someone is using NAT it's part of a security policy and not due
|> to lack of available address space".

Jared, those whom depend on an accident, for security, deserve what happens
when the accident undoes itself. I was just over on,
checking out their stats for the CodeRed worm. I was amazed at how fast IIS
admins responded by applying the patches. If NAT were suddenly "fixed", any
incidental security is toast. NAT was never designed for, and was never
intended as, a security method. Any current protection is strictly the
result of a side-effect. The side-effect that breaks the internet
connection. It's a result of the connection being broken. A properly built
firewall is much more effective and definitely more deterministic. Neither
is it vulnerable to a "fix patch".