North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: State Super-DMCA Too True
JM> Date: Sun, 30 Mar 2003 10:34:28 -0500 JM> From: "McBurnett, Jim" JM> NAT-- HMMM - In my eyes that is a security precaution for the JM> ignorant.. Think of this: Joe user goes to Wally World, or JM> Staples and get's a Linksys BEFSR11 cable/dsl router. He adds JM> NAT, and walla, his computer is no longer wide open to the JM> world... Albeit not a stateful firewall, it is much more Actually, it _is_ stateful. It tracks state so it knows what inbound traffic is directed to what IP:port on the inside, or dropped if no match is found. Run 1:1 NAT and see how secure that is. Run a "public" IP address with stateful rules that drop inbound traffic unless outbound traffic happened "recently". Compare. NAT's "security" is a by-product of state that is necessary to achieve 1:N mapping. Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[email protected]> To: [email protected] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[email protected]>, or you are likely to be blocked.
|