[41435] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Brian Whalen)
Sun Sep 9 19:15:40 2001
Date: Sun, 9 Sep 2001 16:14:12 -0700 (PDT)
From: Brian Whalen <bri@sonicboom.org>
To: Bob K <melange@yip.org>
Cc: "NANOG (E-mail)" <nanog@merit.edu>
In-Reply-To: <Pine.BSF.4.21.0109091736210.52732-100000@pi.yip.org>
Message-ID: <20010909161239.X7196-100000@cx175057-a.ocnsd1.sdca.home.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Not exactly, in your scenario you are counting on the firewall to block
hostile traffic destined for some ips. If they are Natted, it is more
work to compromise those stations.
Brian "Sonic" Whalen
Success = Preparation + Opportunity
On Sun, 9 Sep 2001, Bob K wrote:
>
> On Sun, 9 Sep 2001, Jared Mauch wrote:
>
> > I think you are obviously missing the point that people
> > use nat to prevent inbound connections as part of their security
> > measures.
>
> Every firewall I've ever seen allows you to do the exact same thing
> without NAT.
>
> --
> Bob <melange@yip.org> | Yes. I know. That is, indeed, *not* mayonnaise.
>
