On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas <mike@mtcc.com> wrote:
> On 2/16/24 5:05 PM, William Herrin wrote:
>> Now, I make a mistake on my firewall. I insert a rule intended to allow packets outbound from 2602:815:6001::4 but I fat-finger it and so it allows them inbound to that address instead. Someone tries to telnet to 2602:815:6001::4. What happens? Hacked.
> Yes, but if the DHCP database has a mistake it's pretty much the same situation since it could be numbered with a public address.
Um. No. You'd have to make multiple mistakes cross-contaminating your public and private ethernet segments, yet somehow without completely breaking your network, rendering it inoperable.
> NAT is not without its own set of problems,
NAT's problems are legion. But the question was whether and how NAT improves the security of a network employing it.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/