[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
- Subject: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
- From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Date: Fri, 18 Jan 2013 14:44:43 -0500
- In-reply-to: Your message of "Thu, 17 Jan 2013 18:21:28 -0500." <CAP-guGU+2CYb0ef09R5_5PKep=gtWPUhyrOBGuWNnRdkQAZ7gQ@mail.gmail.com>
- References: <CAP-guGUvFZLFzv49s8n9CTqZd_LMwR3Zhs0LhRWZ7J8H0=rx1Q@mail.gmail.com> <CD1D89F1.8968%[email protected]> <CAP-guGU+2CYb0ef09R5_5PKep=gtWPUhyrOBGuWNnRdkQAZ7gQ@mail.gmail.com>
On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:
> Then it's a firewall that mildly enhances protection by obstructing
> 90% of the port scanning attacks which happen against your computer.
> It's a free country so you're welcome to believe that the presence or
> absence of NAT has no impact on the probability of a given machine
> being compromised. Of course, you're also welcome to join the flat
> earth society. As for me, the causative relationship between the rise
> of the "DSL router" implementing negligible security except NAT and
> the fall of port scanning as a credible attack vector seems blatant
> enough.
Oddly enough, the drop in portscanning attacks maps even more closely
to the shipping of XP SP2, which turned on the onboard firewall by
default. Remember that some of the really big worm hits were when
they managed to get loose inside corporate networks behind the NAT...
Also, a NAT doesn't stop a Java or Adobe exploit in the least, as anybody
with security clue will tell you....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130118/2cd4a1e3/attachment.bin>