Re: Are you protected by NAT?

From: Harry Krause (hkrause@mindspring.com)
Date: 06/12/02 

From: Harry Krause <hkrause@mindspring.com>
Date: Tue, 11 Jun 2002 19:43:34 -0400

SysAdm wrote:
> replies in-line
>
>
> "Larry W4CSC" <spaminator@knology.net> wrote in message
> news:3d0560bb.20615362@news.knology.net...
>> On Mon, 10 Jun 2002 23:46:16 +0000 (UTC), "SysAdm"
>> Ok, so go ahead and trash my computer on 192.168.0.3. I'll
>> wait........
>
> again, Im not talking about a private address - im talking about how we see
> *you* from here - ie. we see the public side of the nat, not the private
> side.
>
>> True. But, of course, you are talking about an INTERNAL
>> worm/virus/trojan opening a hole in the NAT and listening for a call
>> through it from its script kiddie, right? The up-to-date virus
>> scanner, mostly, eliminates this possibility. You are also talking
>> about scripting. Scripting is UNINSTALLED on all systems, here.
>> Which type of scripting are you talking about? .vbs....no host to run
>> it on. Javascript?.....disabled and its dll deleted. We CAN, and do,
>> live without scripting, here. The applications, etc., are scanned by
>> Symantec. It updates daily.
>
> totally wrong. Im not at all talking about internal exploits. As I said in
> my original post, I was talking about remote exploits such as Cross-Server
> Scripting or malicious applets. Either of these techniques require no
> worm/virus/trojan to be local on your system. eg. goto www.digicrime.com
>
> As for the rest of your mail, because *your* system may be as secure as you
> can make it, does not mean that NAT is a secure feature. My point was that
> NAT itself does not provide the security that some believe it to, and is
> certainly not a singular fix to security dilemmas.
>
> Now please stop asking us to "hack" a private address.
>
> SysAdm
>
>
>

Larry is a decent guy, but he doesn't have a clue about these matters
and changes his mind about products one week to the next.

Relevant Pages

  • Re: Are you protected by NAT?
    ... SysAdm wrote: ... Scripting is UNINSTALLED on all systems, ... does not mean that NAT is a secure feature. ... > certainly not a singular fix to security dilemmas. ...
    (comp.security.firewalls)
  • Re: Are you protected by NAT?
    ... Im not talking about a private address - im talking about how we see ... *you* from here - ie. we see the public side of the nat, ... Scripting is UNINSTALLED on all systems, ... certainly not a singular fix to security dilemmas. ...
    (comp.security.firewalls)
  • Re: Are you protected by NAT?
    ... if youre talking bi-directional NAT then NAT on its own doesnt provide ... >an effective security solution at all. ... Scripting is UNINSTALLED on all systems, ... >for a directed broadcast attack, or a smurf attack - both of which NAT would ...
    (comp.security.firewalls)
  • Re: Are you protected by NAT?
    ... if youre talking bi-directional NAT then NAT on its own doesnt provide ... >an effective security solution at all. ... Scripting is UNINSTALLED on all systems, ... >for a directed broadcast attack, or a smurf attack - both of which NAT would ...
    (comp.security.firewalls)