[97203] in North American Network Operators' Group
Re: Security gain from NAT
daemon@ATHENA.MIT.EDU (Sam Stickland)
Mon Jun 4 15:15:16 2007
Date: Mon, 04 Jun 2007 20:04:00 +0100
From: Sam Stickland <sam_mailinglists@spacething.org>
To: Joe Abley <jabley@ca.afilias.info>
Cc: Jim Shankland <nanog@shankland.org>,
Owen DeLong <owen@delong.com>, NANOG list <nanog@nanog.org>
In-Reply-To: <4ED889B6-91B6-4FF8-AE7E-A9C90AA7DA86@ca.afilias.info>
Errors-To: owner-nanog@merit.edu
Joe Abley wrote:
>
>
> On 4-Jun-2007, at 14:32, Jim Shankland wrote:
>
>> Shall I do the experiment again where I set up a Linux box
>> at an RFC1918 address, behind a NAT device, publish the root
>> password of the Linux box and its RFC1918 address, and invite
>> all comers to prove me wrong by showing evidence that they've
>> successfully logged into the Linux box?
>
> Perhaps you should run a corresponding experiment whereby you set up a
> linux box with a globally-unique address, put it behind a firewall
> which blocks all incoming traffic to that box, and issue a similar
> invitation.
>
> Do you think the results will be different?
I fear a somewhat more cynical person could interpret the results of
such an experiment to mean that NAT is as good as a firewall ;)
S
