Maybe I should have said stateful inspection, i.e. inspection of SMTP, where it limits the commands that are allowed and makes protocol adjustments.

Thanks,
J
-----Original Message-----
From: E.B. Dreger [mailto:eddy+public+spam@noc.everquick.net]
Sent: Sunday, March 30, 2003 5:11 PM
To: nanog@merit.edu
Subject: RE: State Super-DMCA Too True

JM> Date: Sun, 30 Mar 2003 10:34:28 -0500
JM> From: "McBurnett, Jim"
JM> NAT-- HMMM - In my eyes that is a security precaution for the
JM> ignorant.. Think of this: Joe user goes to Wally World, or
JM> Staples and gets a Linksys BEFSR11 cable/dsl router. He adds
JM> NAT, and voilà, his computer is no longer wide open to the
JM> world... Albeit not a stateful firewall, it is much more
Actually, it _is_ stateful. It tracks state so it knows what inbound traffic is directed to what IP:port on the inside, or dropped if no match is found.
Run 1:1 NAT and see how secure that is. Run a "public" IP address with stateful rules that drop inbound traffic unless outbound traffic happened "recently". Compare.
NAT's "security" is a by-product of state that is necessary to achieve 1:N mapping.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
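The comparison suggested in the reply above, as an added sketch that is not part of the original thread: a toy model of 1:N NAT, 1:1 NAT and a stateful filter on a public address, each asked what it does with solicited and unsolicited inbound packets. The class names, the 60-second timeout, the documentation-range addresses and the per-remote mapping behaviour are all assumptions.

```python
import itertools

TIMEOUT = 60  # seconds for which outbound traffic counts as "recent" (assumed value)

class Napt:
    """1:N NAT: inside hosts share one public IP, so per-flow state is mandatory."""
    def __init__(self, public_ip):
        self.public_ip, self.ports = public_ip, itertools.count(40000)
        self.out = {}   # (inside_ip, inside_port, remote) -> public_port
        self.back = {}  # (public_port, remote) -> (inside_ip, inside_port, last_seen)
    def outbound(self, src, sport, remote, now):
        pport = self.out.get((src, sport, remote)) or next(self.ports)
        self.out[(src, sport, remote)] = pport
        self.back[(pport, remote)] = (src, sport, now)
        return self.public_ip, pport
    def inbound(self, remote, dport, now):
        entry = self.back.get((dport, remote))
        if entry is None or now - entry[2] > TIMEOUT:
            return None  # no mapping: nowhere to deliver it, so it is dropped
        return entry[:2]

class OneToOneNat:
    """1:1 NAT: static address rewrite with no per-flow state at all."""
    def __init__(self, mapping):
        self.mapping = mapping  # public_ip -> inside_ip
    def inbound(self, remote, dst_ip, dport, now):
        inside = self.mapping.get(dst_ip)
        return (inside, dport) if inside else None  # every port is forwarded

class StatefulFilter:
    """Public address, no translation; inbound passes only for recent outbound flows."""
    def __init__(self):
        self.flows = {}  # (host, host_port, remote) -> last_seen
    def outbound(self, src, sport, remote, now):
        self.flows[(src, sport, remote)] = now
    def inbound(self, remote, dst, dport, now):
        seen = self.flows.get((dst, dport, remote))
        return (dst, dport) if seen is not None and now - seen <= TIMEOUT else None

def compare():
    # Constructed sample endpoints (RFC 5737 documentation ranges).
    server, scanner = ("198.51.100.7", 80), ("203.0.113.9", 31337)
    napt, fw = Napt("192.0.2.1"), StatefulFilter()
    one = OneToOneNat({"192.0.2.2": "10.0.0.6"})
    _, pport = napt.outbound("10.0.0.5", 5000, server, 0)
    fw.outbound("192.0.2.3", 5000, server, 0)
    return {
        "napt_reply": napt.inbound(server, pport, 1),
        "napt_unsolicited": napt.inbound(scanner, 445, 1),
        "one_to_one_unsolicited": one.inbound(scanner, "192.0.2.2", 445, 1),
        "filter_reply": fw.inbound(server, "192.0.2.3", 5000, 1),
        "filter_unsolicited": fw.inbound(scanner, "192.0.2.3", 445, 1),
        "filter_stale": fw.inbound(server, "192.0.2.3", 5000, TIMEOUT + 1),
    }
```

The 1:N NAT and the stateful filter reach the same verdicts because both consult a flow table; the 1:1 NAT rewrites addresses without one and delivers the unsolicited packet to the inside host.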