|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said: > I can't pass over Valdis's statement that a "good properly configured > stateful firewall should be doing [this] already" without noting > that on today's Internet, the gap between "should" and "is" is > often large. Let's not forget all the NAT boxes out there that are *perfectly* willing to let a system make an *outbound* connection. So the user makes a first outbound connection to visit a web page, gets exploited, and the exploit then phones home to download more malware. Yeah, that NAT *should* be providing security, but as you point out, there's that big gap between should and is... :) Attachment:
pgp00009.pgp
|