[97290] in North American Network Operators' Group
Re: Security gain from NAT
daemon@ATHENA.MIT.EDU (Nathan Ward)
Wed Jun 6 07:54:59 2007
In-Reply-To: <20070605193030.K70768@eboyr.pbz>
From: Nathan Ward <nanog@daork.net>
Date: Wed, 6 Jun 2007 17:36:55 +1200
To: NANOG <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu

On 6/06/2007, at 2:53 PM, Roger Marquis wrote:
>
>> So now the cruft extends and embraces, and you have to play DNS
>> view games based on whether it's on company A's legacy net,
>> company B's legacy net, or the DMZ in between them, and start
>> poking around in the middle of DNS packets to tweak the replies
>> (which sort of guarantees you can't deploy DNSSEC).
>
> <IPv4 junk>

You clearly missed the start of this conversation, and my summaries
in the last couple of days, about which I am not surprised.

We were discussing IPv6; the lack of NAT was brought up as being
viewed as a blocker for security reasons, and solutions were
presented so that it no longer is, assuming adequate education is
provided.

--
Nathan Ward