North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT

  • From: Sam Stickland
  • Date: Mon Jun 04 15:17:44 2007

Joe Abley wrote:

On 4-Jun-2007, at 14:32, Jim Shankland wrote:

Shall I do the experiment again where I set up a Linux box
at an RFC1918 address, behind a NAT device, publish the root
password of the Linux box and its RFC1918 address, and invite
all comers to prove me wrong by showing evidence that they've
successfully logged into the Linux box?

Perhaps you should run a corresponding experiment whereby you set up a linux box with a globally-unique address, put it behind a firewall which blocks all incoming traffic to that box, and issue a similar invitation.

Do you think the results will be different?
I fear a somewhat more cynical person could interpret the results of such an experiment to mean that NAT is as good as a firewall ;)