12 Mar
2009
12 Mar
'09
12:31 p.m.
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
A quick scan of the reverse mapping for your address space in DNS reveals that you have basically your entire network on public addresses. No wonder you're worried about portscans when the printer down the hall and the receptionists machine are sitting on public addresses. I think you are trying to secure your network from the wrong end here.
You *do* realize that "has a public address" does not actually mean that the machine is reachable from random addresses, right? There *are* these nice utilities called iptables and ipf - even Windows and Macs can be configured to say "bugger off" to unwanted traffic. And you can put a firewall appliance inline without using NAT as well.