At 12:10 PM 11/22/04 -0800, Chris Palmer wrote:
There's another feature of NAT that is desirable that has not yet been
mentioned, and which at least some customers may be cognizant of: the
fact that NAT is a pretty restrictive firewall.
would that it were true. In fact, it is pretty easy to breech. All one has
to do is ddos with a the right port prefix, observe a response of any kind,
and you can ddos right through it.
An actual stateful firewall is a good thing. NAT mostly has the effect of
deluding the person behind it into thinking they have a security solution.
Screen doors are a good thing. They should be confused neither with storm
doors nor effective insect inhibitions in the home...
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf