Re: Hiding NATs with PF
From: Max Bolingbroke (batterseapower_at_hotmail.com)
Date: 09/28/05
Date: 28 Sep 2005 14:06:43 -0700
? wrote:
> NAT can hide zombied boxes from regular scans for their currently known
> subset of zombied boxes.
> In addition NAT can prevent them from using existing exploits to install
> spyware.
> Some NAT devices were (and may still be) susceptible to being
> compromised.
I would understand this, but surely the problem would be just as bad if
firewalls were being used on a single non-NAT host connected to the
same part of the network? Actually, firewalls are mandatory in this
network, so it makes even less sense.
> As a general rule the 11th commandment (Thou shalt not get caught) applies.
> Do not announce the presence of a NAT device.
> Do not obviously abuse it.
> Be prepared to switch to connecting directly with zero notice.
>
> Remember it's easier to seek forgiveness than permission :-).
Sage advice :)
Thanks for your input,
Max