[LINK] www.ipv6.org.au/summit

Jon Seymour jon.seymour at gmail.com
Sun Aug 31 13:40:47 AEST 2008


On Sun, Aug 31, 2008 at 12:26 PM, Karl Auer <kauer at biplane.com.au> wrote:

> On Sun, 2008-08-31 at 10:35 +1000, Jon Seymour wrote:
>
> > NAT undeniably enhances security for machines that don't have another
> > layer of security, simply because it significantly reduces the chance
> > of externally initiated connections reaching ports that are
> > vulnerable. Admittedly, it is an unintended consequence of a mechanism
> > designed for another purpose, but to suggest that NAT doesn't provide
> > a net security-related benefit is, I think, stretching the point a
> > little.
>
> Not at all. That "unintended consequence" can be had without NAT.
>
> BTW, I hereby deny that NAT enhances security for machines that don't
> have another layer of security. Whoops, there goes "undeniable"!
> Rhetoric, a double-edged sword.
>
> The "enhancement" you claim has nothing to do with NAT. It is no more
> than a simple packet filter can do, the kind of packet filter that is in
> every modern router, even many commodity ADSL/cable routers.
>

In most homes, the packet filter that protects the machines in that network
from unsolicited inbound traffic *is* the packet filter implemented by the
NAT device and so this is why it is undeniable that NAT provides a net
security benefit, as compared to, say, unfiltered dialup connections.

Yes, it is an unintended consequence of the desire to allow multiple devices
to share an internet connection, but it is undeniably a consequence of it.

jon seymour.
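
An added illustration, not part of the original message: a toy Python model of the two devices being argued about, a stateful packet filter with no address translation and a port-translating NAT, run against the same traffic. It assumes the NAT uses endpoint-dependent mapping and filtering; the class names, ports and addresses (documentation ranges) are constructed for the example.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """No translation: inbound passes only if it answers a flow opened from inside."""
    def __init__(self):
        self.flows = set()
    def outbound(self, p: Packet) -> Packet:
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p                                  # addresses untouched
    def inbound(self, p: Packet) -> Optional[Packet]:
        return p if (p.dst, p.dport, p.src, p.sport) in self.flows else None

class NaptDevice:
    """Port-translating NAT (assumed endpoint-dependent mapping and filtering)."""
    def __init__(self, public_ip: str):
        self.public_ip, self.next_port = public_ip, 40000
        self.out_map = {}   # inside flow -> public port
        self.in_map = {}    # (public port, remote ip, remote port) -> inside endpoint
    def outbound(self, p: Packet) -> Packet:
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], p.dst, p.dport)
    def inbound(self, p: Packet) -> Optional[Packet]:
        inside = self.in_map.get((p.dport, p.src, p.sport))
        if p.dst != self.public_ip or inside is None:
            return None                           # no mapping: nowhere to forward
        return Packet(p.src, p.sport, *inside)

def scenario(device, inside_ip, server="198.51.100.7", scanner="203.0.113.99"):
    """Returns (reply delivered, probe to port 445 delivered, probe to open flow's port delivered)."""
    out = device.outbound(Packet(inside_ip, 51000, server, 443))
    reply = device.inbound(Packet(server, 443, out.src, out.sport))
    probe_445 = device.inbound(Packet(scanner, 4444, out.src, 445))
    probe_flow = device.inbound(Packet(scanner, 4444, out.src, out.sport))
    return (reply is not None and reply.dst == inside_ip,
            probe_445 is not None, probe_flow is not None)

if __name__ == "__main__":
    print("filter:", scenario(StatefulFilter(), "2001:db8:1::10"))
    print("nat:   ", scenario(NaptDevice("192.0.2.1"), "192.168.1.10"))
```

In both models the unsolicited packets are dropped because no outbound flow state matches them; the address rewriting in `NaptDevice` plays no part in that decision.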


