[AusNOG] /20 Available
Ross Wheeler
ausnog at rossw.net
Mon Jan 21 19:14:36 EST 2013
On Mon, 21 Jan 2013, Michael Andreas Schipp wrote:
> Also I would like to point out that NAT and CGN is not a security measure - only a IPv4 preservation technology.
NAT is not an intentional security measure, but the very fact that NOT A
SINGLE ROUTER I'VE EVER SEEN port-forwards to the device on the NATed side
by default (AKA the "DMZ host") affords the majority of the clueless
masses a moderate degree of "isolation" from the untold number of probes
and direct attacks against their operating systems - that (had they been
on say, a modem or direct "live" connection) they would have fallen afoul
of.
So NAT may not be a "security measure" by design, but it sure is by
effect.
More information about the AusNOG
mailing list