[134987] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jan 13 15:56:21 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <201101131444.58029.lowen@pari.edu>
Date: Thu, 13 Jan 2011 12:54:15 -0800
To: Lamar Owen <lowen@pari.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 13, 2011, at 11:44 AM, Lamar Owen wrote:
> On Wednesday, January 12, 2011 12:16:27 pm Valdis.Kletnieks@vt.edu =
wrote:
>> 140 million compromised PC's, most of them behind a NAT, can't be =
wrong. :)
>=20
> How many more would there be if most PC's were not behind NAT or =
stateful firewalling? =20
>=20
Here you've hit the key... "or stateful firewalling". Stateful =
firewalling provides the security.
NAT just mangles the header. Overloaded NAT depends inherently on the =
stateful firewall
and this has lead to confusion where people don't realize that the term =
"NAT" is often
(mis)used to refer to the combined process.
Owen
