On Fri, Jun 08, 2007 at 05:43:21PM -0300, Henrique Cesar Ulbrich wrote: > BUT (as you will say next) all of them were directly connected to the > internal > nets, so NAT was not a big problem to the invader. The internal nets, in all > cases, were also poorly protected, designed and deployed, so were a enjoyable > playground to even the less skilled kiddie. > > So, you're right. In any way (with or without NAT) the atacker would gain > access to the whole subnet on those examples.
My point exactly. NAT doesn't have any effect on security. > This doesn't mean that NAT is a bad thing. I'm not really saying that it is, just that it's not a good thing either, from a security perspective. > ALSO, real IPs cost money. Even with IPv6, they will still cost > money - maybe less money, but money indeed. RFC1918 addresses are > for free. Now you're getting into the real reasons for NAT - administrative, not security. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
