[LINK] www.ipv6.org.au/summit
Karl Auer
kauer at biplane.com.au
Tue Sep 2 11:01:05 AEST 2008
On Tue, 2008-09-02 at 09:53 +1000, Saliya Wimalaratne wrote:
> The less information revealed about any network to potentially hostile
> parties, the better. I'd call this a tangible benefit; and use this benefit
> to challenge your challenge :)
Yes, it is generally true that "the less information revealed about any
network to potentially hostile parties, the better". But sometimes the
amount of "better" is so small as to be irrelevant. And sometimes the
"better" comes at a cost which may outweigh the benefit. NAT has some
pretty serious downsides.
The simplest of packet filters can make it impossible for me to contact
a machine in your network, even if I do know its address.
Hiding your addresses is basically another form of security through
obscurity. The addresses of your hosts really don't matter; what counts
is how well they are protected and how well they protect themselves. The
simplest of packet filters can make it impossible for me to contact a
machine in your network, even if I do know its address.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at : random.sks.keyserver.penguin.de
More information about the Link
mailing list