> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of S.P.Zeidler
> Sent: Saturday, October 30, 2010 2:10 PM
> To: Roger Marquis
> Cc: [email protected]
> Subject: [SPAM] - Re: [nat66] To NAT66, or NOT to NAT66, that
> is the question - Email has different SMTP TO: and MIME TO:
> fields in the email addresses
>
>
> Thus wrote Roger Marquis ([email protected]):
>
> > _Also_? Some? Really? I don't mean to question Margaret's
> > experience but I have to wonder what this statement is
> based on. Most
> > of us security professionals use NAT to block _all_ incoming
> > connections _by_default_. This is known as fail-closed.
>
> I use firewall rules for that. :)
>
> Given that your NAT device is likely your firewall, why do
> you trust your co-admins not to accidentially change N:1 NAT
> if you don't trust them to keep the incoming block around?
>
I can answer that, because it takes TWO seperate mistakes rather then ONE and
those mistakes have to "line up". In my book, making TWO mistakes is harder to
do then making ONE. YMMV.
Christopher Engel
Network Infrastructure Manager
SponsorDirect
[email protected]
www.SponsorDirect.com
p(914) 729-7218
f (914) 729-7201
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
