[128029] in North American Network Operators' Group
Re: Addressing plan exercise for our IPv6 course
daemon@ATHENA.MIT.EDU (Jens Link)
Fri Jul 23 05:51:19 2010
To: nanog list <nanog@nanog.org>
From: Jens Link <lists@quux.de>
Date: Fri, 23 Jul 2010 11:50:02 +0200
In-Reply-To: <8AC1FEFF-C2A5-4063-BB26-8F11BB1985EE@delong.com> (Owen DeLong's
message of "Thu\, 22 Jul 2010 22\:13\:10 -0700")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Owen DeLong <owen@delong.com> writes:
> In all reality:
>
> 1. NAT has nothing to do with security. Stateful inspection provides
> security, NAT just mangles addresses.
You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by many people.
> Most customers don't know or care what NAT is and wouldn't know the
> difference between a NAT firewall and a stateful inspection firewall.
I agree. But there are also many people who want to believe in NAT as
a security feature.
After one of my talks about IPv6 the firewall admins of a company said
something like: "So we can't use NAT as an excuse anymore and have to
configure firewall rules? We don't want this."
cheers
Jens
--
-------------------------------------------------------------------------
| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
| http://blog.quux.de | jabber: jenslink@guug.de | ------------------- |
-------------------------------------------------------------------------