Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

• From: Nicholas Suan
• Date: Tue Jun 05 09:42:10 2007

• Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=mqKxzB6R7+K98hcgxl0GzGWWxO0TjL2dawmBPenHubYwcIFKJ4ciKSYD1IzQs4rcmRLzuGqhxUDZ8gpbo+GFZwUL1Cn3ncmzG66+S1GpVF073lwAMYGguBIrTx/1wYOyIqevZivoCbd1+8UbWRzWHNyHMRRNFN3spIYAYYNQX2w=
• Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=go2fQ0AGtdcDEnAvJFZvmi0yVluliBtHoLfHd0KXQL72Vk7TIVafP6tkFX/03x1vfwEWPlcZcyXeMQkpf/ocAgUHvzmsR1toh+a5QuwB55Y0lJBaoLZS42+hQBUVnE9isoAmHulKN0BiUHls2CG7aNFIzNXseKX0c8rCwPPQTmU=

Combined responses to save bandwidth and hassle (and number of times you
have to press 'd'):

--

> Just because it's behind NAT, does not mean it's unreahcable from the
internet:

Okay, so exactly how many times do you think we have to say in this thread
that by "NAT/PAT", we mean NAT/PAT as typically implemented in the very
cheapest routers in their default configuration?

Even the cheapest routers have a 'DMZ' configuration option that adds
a rule that, by default, sends all the traffic to a particular host.
And using that is a fairly common solution to bypassing problems with
port forwarding and NAT.

• References:
  • Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer
  • RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz

• Prev by Date: Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
• Next by Date: NANOG40 Lightning Talks for Tuesday, June 5
• Date Index
• Thread Index
• Author Index
• Historical