North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT

  • From: Nathan Ward
  • Date: Wed Jun 06 07:55:35 2007



On 6/06/2007, at 2:53 PM, Roger Marquis wrote:


So now the cruft extends and embraces, and you have to play DNS
view games based on whether it's on company A's legacy net,
company B's legacy net, or the DMZ in between them, and start
poking around in the middle of DNS packets to tweak the replies
(which sort of guarantees you can't deploy DNSSEC).

<IPv4 junk>

You clearly missed the start of this conversation, and my summaries in the last couple of days, about which I am not surprised.


We were discussing IPv6, the lack of NAT was brought up as being viewed as a blocker for security reasons, and solutions were presented so that it no longer is, assuming adequate education is provided.

--
Nathan Ward