Re: Security gain from NAT

North American Network Operators Group

Re: Security gain from NAT

From: Sam Stickland
Date: Mon Jun 04 15:17:44 2007

Joe Abley wrote:

On 4-Jun-2007, at 14:32, Jim Shankland wrote:
Shall I do the experiment again where I set up a Linux box
at an RFC1918 address, behind a NAT device, publish the root
password of the Linux box and its RFC1918 address, and invite
all comers to prove me wrong by showing evidence that they've
successfully logged into the Linux box?
Perhaps you should run a corresponding experiment whereby you set up a linux box with a globally-unique address, put it behind a firewall which blocks all incoming traffic to that box, and issue a similar invitation.

Do you think the results will be different?

I fear a somewhat more cynical person could interpret the results of such an experiment to mean that NAT is as good as a firewall ;)

S

Follow-Ups:
- RE: Security gain from NAT Howard C. Berkowitz

References:
- Re: Cool IPv6 Stuff Owen DeLong
- Cool IPv6 Stuff Jeroen Massar
- Re: Cool IPv6 Stuff Jared Mauch
- Re: Cool IPv6 Stuff Sam Stickland
- Re: Cool IPv6 Stuff Adrian Chadd
- Re: Cool IPv6 Stuff Joel Jaeggli
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley

Prev by Date: Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
Next by Date: Re: Security gain from NAT
Date Index
Thread Index
Author Index
Historical