North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

  • From: Edward B. DREGER
  • Date: Mon Jun 04 18:32:14 2007

JS> Date: Mon, 04 Jun 2007 12:20:38 -0700
JS> From: Jim Shankland

JS> If what you meant to say is that NAT provides no security benefits
JS> that can't also be provided by other means, then I completely

What Owen said is that "[t]here's no security gain from not having real
IPs on machines".  That is a true statement.


Provider: "We're seeing WormOfTheDay.W32 from"

Downstream: "That's our firewall."

Provider: "Chances are you have one or more compromised hosts behind
your firewall."

Downstream: "But we have 150 workstations.  How do we find which 

Bonus points for finding downstreams who understand "NIDS", "monitor 
port", "state mapping tables", et cetera. :-)

In the big picture, I submit that NAT *worsens* the security situation.  
Of course, the cost falls to "other people" -- a topic that inevitably 
launches a protracted thread.

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita