[64663] in North American Network Operators' Group
Re: [arin-announce] IPv4 Address Space (fwd)
daemon@ATHENA.MIT.EDU (Paul Timmins)
Thu Oct 30 09:39:52 2003
From: Paul Timmins <paul@timmins.net>
To: Scott McGrath <mcgrath@fas.harvard.edu>
Cc: Jack Bates <jbates@brightok.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0310300917010.26288-100000@login2.fas.harvard.edu>
Date: Thu, 30 Oct 2003 09:38:53 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 2003-10-30 at 09:22, Scott McGrath wrote:
> That was _exactly_ the point I was attempting to make. If you recall
> there was a case recently where a subcontractor at a power generation
> facility linked their system to an isolated network which gave
> unintentional global access to the isolated network. A NAT at the
> subcontractor's interface would have prevented this.
So would have a stateful firewall set to keep state, default deny
inbound.
This is how customer grade firewall products should work with NAT
disabled, although they probably don't.
-Paul
--
Paul Timmins <paul@timmins.net>
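
The reply's point, that keeping state with default deny inbound blocks unsolicited traffic without any address translation, as an added example that is not part of the original message. The class and function names are hypothetical and the addresses are constructed from documentation ranges.

```python
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Hypothetical model: keep state, default deny inbound, no NAT.

    Simplified: tracks the 5-tuple only (no TCP state machine, no timeouts).
    """

    def __init__(self) -> None:
        self.flows = set()  # flows opened from the inside

    def from_inside(self, pkt: Packet) -> Optional[Packet]:
        # Outbound traffic is allowed; remember the flow so replies can return.
        self.flows.add(pkt)
        return pkt  # forwarded with addresses and ports untouched

    def from_outside(self, pkt: Packet) -> Optional[Packet]:
        # An inbound packet passes only if it is the exact reverse of a flow
        # that an inside host opened. Everything else hits the default deny.
        reverse = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return pkt if reverse in self.flows else None


def demo() -> dict:
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFilter()
    inside, remote, other = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    out = Packet("tcp", inside, 40000, remote, 443)
    return {
        "outbound": fw.from_inside(out),
        "reply": fw.from_outside(Packet("tcp", remote, 443, inside, 40000)),
        "unsolicited": fw.from_outside(Packet("tcp", remote, 443, inside, 22)),
        "third_party": fw.from_outside(Packet("tcp", other, 443, inside, 40000)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {'accept' if result else 'drop'}")
```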