> On Jun 9, 2016, at 19:57 , Ricky Beam <jfb...@gmail.com> wrote:
> 
> On Thu, 09 Jun 2016 21:41:05 -0400, Baldur Norddahl 
> <baldur.nordd...@gmail.com> wrote:
> 
>> Then he reads on NANOG that since he has IPv6
>> he can just connect to the camera with that.
> ...
> 
> Only to find the built-in stateful firewall blocks unsolicited inbound 
> connections. Now he has to figure out how to manipulate ACLs. Or (more 
> likely) he turns that "pesky firewall" off. (followed by the eventual hacking 
> of every device he owns.)
> 
> NAT may not be security, yet it's the only thing securing billions of people.

Nope… NAT can’t be done without stateful inspection. You can stop mangling the 
packet headers and leave the stateful inspection in place and still have the 
same exact protection.

I realize most people have a hard time separating NAT from stateful inspection 
because most people got them both in the same package at the same time. 
Further, most boxes implement NAT and stateful inspection in the same chunk of 
code, making it look even more like a single transaction.

However, conceptually they are two different things. Stateful inspection is 
what actually protects you.

NAT is simply the part where you mutilate the packet header in unnatural ways.

Owen
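
Added example, not part of the original message: a toy gateway model showing that the drop decision for unsolicited inbound packets comes from the state-table lookup alone, whether or not headers are rewritten. The `Gateway` and `Packet` classes, the `run` scenario and all addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Gateway:
    """Toy edge device: connection tracking, with optional source NAT."""

    def __init__(self, nat_addr=None):
        self.nat_addr = nat_addr   # None = routed, headers left untouched
        self.flows = {}            # expected reply 4-tuple -> inside (addr, port)
        self.next_port = 40000

    def outbound(self, p):
        """Inside host opens a flow: record state, rewrite only if NAT is on."""
        if self.nat_addr:
            wire = Packet(self.nat_addr, self.next_port, p.dst, p.dport)
            self.next_port += 1
        else:
            wire = p
        # The state entry is keyed on what a legitimate reply will look like.
        self.flows[(wire.dst, wire.dport, wire.src, wire.sport)] = (p.src, p.sport)
        return wire

    def inbound(self, p):
        """Return the packet as delivered inside, or None if it is dropped."""
        inside = self.flows.get((p.src, p.sport, p.dst, p.dport))
        if inside is None:
            return None            # no matching state: dropped, NAT or not
        return Packet(p.src, p.sport, inside[0], inside[1])

def run(gw, camera, server, scanner):
    """Constructed scenario: camera calls out, then three packets arrive."""
    wire = gw.outbound(Packet(camera, 5000, server, 443))
    reply = Packet(server, 443, wire.src, wire.sport)    # answer to the flow
    probe = Packet(scanner, 31337, wire.src, 80)         # unsolicited connection
    spoof = Packet(scanner, 443, wire.src, wire.sport)   # right ports, wrong peer
    return [gw.inbound(x) is not None for x in (reply, probe, spoof)]

# Same verdicts for a routed IPv6 host and a NATed IPv4 host.
ROUTED = run(Gateway(), "2001:db8:1::cafe", "2001:db8:ffff::10", "2001:db8:bad::66")
NATTED = run(Gateway("203.0.113.1"), "192.168.1.20", "198.51.100.10", "198.51.100.66")
```
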

