[82194] in North American Network Operators' Group
Re: mh (RE: OMB: IPv6 by June 2008)
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Fri Jul 8 16:18:23 2005
Date: Fri, 8 Jul 2005 12:49:13 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: nanog@merit.edu
In-Reply-To: <42CD913D.8050509@globalstar.com>; from Crist Clark <crist.clark@globalstar.com> on Thu, Jul 07, 2005 at 01:31:57PM -0700
Errors-To: owner-nanog@merit.edu
On Thu, Jul 07, 2005 at 01:31:57PM -0700, Crist Clark wrote:
> And if you still want "the protection of NAT," any stateful firewall
> will do it.
That seems a common viewpoint.
I believe the very existence of the Ping Of Death rebuts it.
A machine behind a NAT box simply is not visible to the outside world,
except for the protocols you tunnel to it, if any. This *has* to
vastly reduce it's attack exposure.
Anyone with a pointer to an *in depth* explanation somewhere of why
that assumption is invalid can mail it to me off list, and I'll shut
up.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me