North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT

  • From: brett watson
  • Date: Tue Jun 05 01:26:32 2007



On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:

A SI firewall ruleset equivalent to PAT is a single rule on a CheckPoint firewall (as an example):

Src: Internal - Dst: Any - Action: Allow

Done.

Done indeed! Botnet operators *love* this policy. This type of policy is probably worse than any issue discussed in this thread so far.


-b