The official purpose of NAT is to translate addresses from a private
range to a public one, because of the shortage in public addresses.
It has never been designed to secure a network.
Hiding addresses is a a pure coincidence.
if you consider that hiding your internal addresses is important for your
security (This is not mandatory), then NAT may help but you need more.
For example, SMTP Receiived headers should be stripped (but this will
cause problems if you have many "internal" MTAs...). Also, one should
check cookies, ... and everything that gets out, such an internal user's
mail saying "I tried ifconfig ef0 10.2.3.4 and it doesn't work, can you help?".
...
cheers,
mouss
At 11:18 21/02/01 +0800, Ju Kong Fui wrote:
>Hi all,
>
>Since the range of private network addr is already officially documented as
>192.168.x.x, 10.x.x.x, and so on, it is no longer a secret to external
>hackers.
>
>Does NAT really help to hide/secure the internal network? Or it is just
>purely a method to help easing the pain of having not enough of public IP
>addr?
>
>Your opinion appreciated.
>
>Thanks.
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
