On Thu, Jul 07, 2005 at 01:31:57PM -0700, Crist Clark wrote:
And if you still want "the protection of NAT," any stateful firewall will do it.
That seems a common viewpoint. I believe the very existence of the Ping Of Death rebuts it. A machine behind a NAT box simply is not visible to the outside world, except for the protocols you tunnel to it, if any. This *has* to vastly reduce it's attack exposure. Anyone with a pointer to an *in depth* explanation somewhere of why that assumption is invalid can mail it to me off list, and I'll shut up. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me