[159718] in North American Network Operators' Group
Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jan 18 14:45:32 2013
To: William Herrin <bill@herrin.us>
In-Reply-To: Your message of "Thu, 17 Jan 2013 18:21:28 -0500."
<CAP-guGU+2CYb0ef09R5_5PKep=gtWPUhyrOBGuWNnRdkQAZ7gQ@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 18 Jan 2013 14:44:43 -0500
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1358538283_1983P
Content-Type: text/plain; charset=us-ascii
On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:
> Then it's a firewall that mildly enhances protection by obstructing
> 90% of the port scanning attacks which happen against your computer.
> It's a free country so you're welcome to believe that the presence or
> absence of NAT has no impact on the probability of a given machine
> being compromised. Of course, you're also welcome to join the flat
> earth society. As for me, the causative relationship between the rise
> of the "DSL router" implementing negligible security except NAT and
> the fall of port scanning as a credible attack vector seems blatant
> enough.
Oddly enough, the drop in portscanning attacks maps even more closely
to the shipping of XP SP2, which turned on the onboard firewall by
default. Remember that some of the really big worm hits were when
they managed to get loose inside corporate networks behind the NAT...
Also, a NAT doesn't stop a Java or Adobe exploit in the least, as anybody
with security clue will tell you....
--==_Exmh_1358538283_1983P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBUPmmKwdmEQWDXROgAQKkFw/+I6MvNDLrDT/MbJd1cW/L/o6khI26/KLU
Gpvkvf6jpN8QxhV/UFO+d49g5oDeZ/kf/NDfaOMUC29znnHRWA8xbWtEpcYh3gby
84p4OsXi0+gMiBFar+nLp4n0GpdmsjDB4G5/wE5Crcw/mouiB20ExY8bO14D4S5A
DODV3illTBkGFFOpe7Iy62VAUfZJRn7WUjxanzZjbboK6pkB+YfN9p7X0D6Hhd0/
NH5c4NS3KtfO8Lnha7oDZSERi16438w7Md24OHnrplaMjmltqnsRsWEwRS+BGDQQ
L/jGcy/398qfj1wk+DFBY7eXukixi8Vq2zmObSCpeEnF3sMtcMceDETPcAKbJFdT
NBAaKUN/LdEcKXCbt4v4GQ3qQ5AAzmCxrizuCjPgMXMfYs3To14rN0JhM+ggvh7m
zLrQHF34GxYn5V3SYXAzQmhyY2TTP0j5qJfrJwgBrpkn0eohtysoulndAyTEq1nY
3Dpxy22ivwFbIwae4miR3UKeqsH9E8e+ymemzc6vDIIklOuZFb4xe47GwAdyxWwo
MW83gVuyBIDgNMelvTGEmBe+SXuf13dg7ehDz+IRHzdFkSsl6cazbp8tPDIfNWnN
52BYdlzVn+Tu8BRj5w8wOZyvDNCVAM3y9+uQ00NddqT7Rao0lT8w7FksCRRX/NbQ
pmH/44IV9Qo=
=DDV2
-----END PGP SIGNATURE-----
--==_Exmh_1358538283_1983P--
