[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ; -)

grenville armitage garmitage at swin.edu.au
Sun Jul 20 19:33:48 EST 2008


Steve Baxter wrote:
>> NAT != security.
> 
> Yes, but NAT is far better than everything in your house being globally
> addressable - by anybody ! 

I'm not clear the security arises strictly from one's LAN not being "globally
addressable". We've got a border device with default-deny as its inbound
policy and automagic creation of short-term "pass this flow" rules triggered
by outbound traffic. Seems to me I could build a home LAN using global
addresses, connect to the world via a 1:1 NAT (no remapping of addr or
ports) and get the same 'security'.

(Not that I disagree with the observation that proliferation of NAT
in cheap CPE has probably 'saved' lots of consumers from network-launched
infection. But it _seems_ orthogonal to the global addressability of the
home machines.)

cheers,
gja
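
The mechanism described in the message above, as an added example that is not part of the original post: a small model of a border device with default-deny inbound and short-lived pass rules created by outbound traffic, run once with no address or port remapping and once with NAPT. The names `BorderDevice` and `exercise`, the `FLOW_TTL` value, and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

FLOW_TTL = 30  # seconds a "pass this flow" rule lives (constructed value)

@dataclass
class BorderDevice:
    wan_addr: str = ""   # "" = no translation: LAN hosts keep global addresses
    flows: dict = field(default_factory=dict)  # WAN-side flow -> (LAN endpoint, expiry)
    ports: dict = field(default_factory=dict)  # NAPT only: LAN endpoint -> WAN port

    def outbound(self, now, proto, src, sport, dst, dport):
        """Forward a LAN packet and install the matching return rule."""
        inside = (src, sport)
        if self.wan_addr:    # NAPT: rewrite source address and port
            wport = self.ports.setdefault((proto, *inside), 40000 + len(self.ports))
            outside = (self.wan_addr, wport)
        else:                # no remapping of address or port
            outside = inside
        self.flows[(proto, dst, dport, *outside)] = (inside, now + FLOW_TTL)
        return outside

    def inbound(self, now, proto, src, sport, dst, dport):
        """Return the LAN endpoint to deliver to, or None (default deny)."""
        key = (proto, src, sport, dst, dport)
        entry = self.flows.get(key)
        if entry is None or entry[1] < now:
            self.flows.pop(key, None)  # expired rules are discarded
            return None
        return entry[0]

def exercise(device, lan_host):
    """Run the same constructed traffic through a device; return the verdicts."""
    server, stranger = "198.51.100.7", "192.0.2.66"
    seen_as = device.outbound(0, "tcp", lan_host, 51515, server, 443)
    return {
        "reply": device.inbound(1, "tcp", server, 443, *seen_as),
        "unsolicited": device.inbound(1, "tcp", stranger, 4444, *seen_as),
        "wrong_port": device.inbound(1, "tcp", server, 443, seen_as[0], 22),
        "after_timeout": device.inbound(FLOW_TTL + 1, "tcp", server, 443, *seen_as),
    }

# Constructed addresses (documentation ranges): one globally addressed LAN
# host behind a filter-only device, one RFC 1918 host behind NAPT.
FILTER_ONLY = exercise(BorderDevice(), "203.0.113.10")
WITH_NAPT = exercise(BorderDevice(wan_addr="203.0.113.1"), "192.168.1.10")
```

In both runs only the reply to the host's own outbound flow is delivered; the verdicts come from the flow table, and translation changes only which address the outside world sees.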





