Re: [fw-wiz] ***SPAM*** Re: IPv6 support in firewalls





Patrick M. Hausen wrote:

First you should not rely on NAT as a security measure, anyway,
because it isn't.

I advocate using every measure possible to provide security. IP masquerading helps thwart information gathering. I would never suggest using NAT as the only security measure. By IP masquerading, I avoid having a RIR identify the address blocks I use internally, as they would if I were to use public space. Explain why you feel this is wrong?


Third, this is the _only_ way to get rid of the "net 10 considered
harmful" nightmare

It's only a nightmare for people who do not exercise discipline in assigning addresses. I could just as easily err with public addresses and assign the same block of addresses to multiple sites. The fact that an RIR allocates you a block of IPv6 addresses does not guarantee you will not botch assignment within your networks.

Even Forrest Gump knows, "stupid is as stupid does".


IMHO theses are the combined reasons to start over and
kill NAT forever.

Won't happen in my lifetime, nor my childrens' lifetime. begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: Nikon caves. D600 shutter repairs to be offered
    ... all that no support means is no more security updates and if you don't ... do anything stupid, that won't affect you in the least. ... that bug does not affect snow leopard, ... at some point, support ends. ...
    (rec.photo.digital)
  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (comp.security.misc)
  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (comp.security.firewalls)
  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (alt.computer.security)
  • Re: OT - Republicans to America: "F*ck you, youre on your own"
    ... Headers like this just prove how stupid you really are. ... “Government, through social security and by fostering applicable insurance plans, must help protect the individual against hardship and help free his mind from anxiety.” ... The clearest way to show what the rule of law means to us in everyday life is to recall what has happened when there is no rule of law ... and an occasional politician or ...
    (alt.sports.basketball.nba.la-lakers)