justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
reply to Anon
Re: When NAT becomes NOT

The mailbomb/mailman analogy is not correct in my experience. NAT devices and NAT software that is being marketed as such do not pass on packages unless a preexisting connection has been opened to the outside party. The letter (packet) cannot be addressed to an inside address unless you've been contacted first... the packet is dropped.
If you port scan a NAT box, no ports are open, no machines get your packets, no matter how many machines live behind it.
So it isn't a firewall (I said that in the article) but it does provide basic protection.
And the end of the article points out the VPN issues as well.
If you can point me to some documentation for a NAT box or NAT software that shows how a new connection from outside can get in without explicitly allowing it, please post!

Anon
Well,

We're kind of going in circles, because I just realized we're talking about two different kinds of NAT. You're referring to outbound-NAT, and I'm referring to bi-directional NAT.

(From RFC 2663:)

"With a Bi-directional NAT, sessions can be initiated from hosts in the public network as well as the private network. Private network addresses are bound to globally unique addresses, statically or dynamically as connections are established in either direction."

Pretty much sums up Bi-directional NAT in a nutshell. We'll call it a draw. (LOL)

To me, the real problem is this:
Neither out-bound nor bi-directional NAT does inspection of the packet. A firewall WILL do that, and more. In addition, out-bound packet sourcing for security isn't part of the RFC, it's more to do with propagating routing tables, and shouldn't be relied upon as the primary method of defense. I'm not down on NAT at all, I just wouldn't bet my data, or recommend you betting yours, on it.

Regards,
-Bouncer-
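
Added example, not part of either post: a toy Python model of the two behaviours discussed in this thread, showing what an unsolicited inbound packet reaches behind an outbound-only NAT versus a NAT with a static bi-directional binding. The `Nat` class, the addresses and ports, and the rule that a session only accepts replies from the peer it was opened to are all assumptions made for illustration.

```python
# Toy model of outbound-only vs. bi-directional NAT (constructed example).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed documentation address


@dataclass
class Nat:
    # public port -> inside (ip, port): static bi-directional bindings
    static: dict = field(default_factory=dict)
    # public port -> (inside, remote peer): created only by outbound traffic
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, inside, remote):
        """Inside host opens a connection; allocate a public port for it."""
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (inside, remote)
        return (PUBLIC_IP, port)

    def inbound(self, remote, public_port):
        """Return the inside (ip, port) that receives the packet, or None if dropped."""
        if public_port in self.sessions:
            inside, peer = self.sessions[public_port]
            # Assumed rule: only the peer the session was opened to may reply.
            # Only addresses and ports are compared; the payload is never inspected.
            return inside if peer == remote else None
        return self.static.get(public_port)


def scan(nat, remote, ports):
    """Public ports on which an unsolicited packet reaches an inside host."""
    return [p for p in ports if nat.inbound(remote, p) is not None]


def demo():
    outsider = ("198.51.100.7", 55555)   # constructed unrelated outside host
    server = ("192.0.2.80", 443)         # constructed outside server
    out_only = Nat()
    pub = out_only.outbound(("192.168.1.10", 51000), server)
    bidir = Nat(static={25: ("192.168.1.20", 25)})
    return {
        "reply": out_only.inbound(server, pub[1]),
        "outbound_scan": scan(out_only, outsider, list(range(1, 1025)) + [pub[1]]),
        "bidir_scan": scan(bidir, outsider, range(1, 1025)),
    }


if __name__ == "__main__":
    print(demo())
```

In both configurations the forwarding decision is made on addresses and ports alone, which is the gap a packet-inspecting firewall fills.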