[97255] in North American Network Operators' Group

Re: Security gain from NAT

daemon@ATHENA.MIT.EDU (brett watson)
Tue Jun 5 01:24:38 2007

In-Reply-To: <20070605000112.R58105@calis.blacksun.org>
From: brett watson <brett@the-watsons.org>
Date: Mon, 4 Jun 2007 22:23:14 -0700
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu



On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:

> A SI firewall ruleset equivalent to PAT is a single rule on a  
> CheckPoint firewall (as an example):
>
> Src: Internal - Dst: Any - Action: Allow
>
> Done.

Done indeed! Botnet operators *love* this policy. This type of policy  
is probably worse than any issue discussed in this thread so far.

-b

