Re: Systems behind NAT - port scanning etc.

From:
Date: 10/30/02 

Date: Wed, 30 Oct 2002 11:05:07 GMT

ok....this thread is getting way old. NAT, PAT, HIDE, STEALTH......whatever
man. They all work, they all have their flaws and/or exploitable behaviors.
You say tomAAAAto I say tomaaaaaato. This horse has been beaten to
death....agreed? Anyone? Jeez..... 

---
Everybody's an expert!
~«©¿©»~

"Lik Mai Sak" <cuddlybear101@yahoo.com> wrote in message
news:3DBF87CF.EB80EF6B@yahoo.com...
> Melinda Shore wrote:
>
> > In article <3DBEE599.3ADE483E@yahoo.com>, Lik Mai Sak  <alt.test> wrote:
> > >Due to the upsurge in broadband, I encourage as many people as possible
to go
> > >to a router with NAT rather than a cable modem/soft client/ICS setup.
> > Really?  When someone asks me how to tell whether or not a
> > consultant is any good, I tell them to ask about NAT.
>
> So what exactly is your problem with NAT? It does what it does, translate
> addresses/ share a single(+) WAN IP. Some people incorrectly say "it's a
firewall"
> because it blocks certain traffic. Some vendors implementations are crap,
some are
> good.
> A well configured* and implemented NAT based router is less vulnerable
than a
> software firewall. Ever had a virus delete your router? Or a buffer
overflow**? Or
> a memory leak.
>
> > It's a sure thing that someone who recommends NAT as a
> > security device doesn't understand IP or security.
>
> And clients *do* understand security? Ever tried explaining security to
the
> clueless twits that use computers? A good consultant can explain things to
a
> client, in terms their little minds can comprehend. Too much technobabble
and they
> switch off. Telling a client to "go read RFCeditor.org" or subscribe to
bugtraq is
> not good sense.
>
> > >What would you recommend as an alternative with similar
price/performance?
> > Firewall, no NAT.
> >      Melinda Shore - Software longa, hardware brevis - shore@panix.com
>
> Not a router with filtering/access control/NAT/SPI to a multihomed box
running
> Firewall/Logging and proper security enabled?
>
> E.
>
> *like the old argy about Linux vs MS. It's the twit that builds it that
ultimately
> determines the level of security.
> ** I know. Don't say it.
>

Relevant Pages

  • [REVS] Bypassing Client Application Protection Techniques
    ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
    (Securiteam)
  • Re: SNAT
    ... ISA2K always performs NAT between LAT and> the rest of interfaces when works in firewall or integrated mode. ... Clear the default gateway property at the clients IP configuration thus> making them to not be a snat client. ... To grant internet access for those> computers you have to make them either firewall or webproxy client. ...
    (microsoft.public.isa)
  • Re: Must I be forced to Upgrade from SBS 4.5?
    ... Just sometimes with security you need to be political, a NAT only customer ... "wrong" if no "industrial strength" firewall is not installed, ... The good thing about ISA is that it can be updated ...
    (microsoft.public.backoffice.smallbiz)
  • Re: router/firewall, wireless gateway recommendation for home user
    ... NAT will reduce all of the direct attacks unless you ... firewall appliance for under $100. ... to your wireless nodes, and to protect all internal hosts via NAT, you ... device to reduce direct attacks (additional security layer). ...
    (Security-Basics)
  • Re: SNAT
    ... NATing could cause any problems with outbound/inbound internet access. ... Get rid of your external NAT box. ... Choose the upcoming ISA2K4 as your firewall solution. ... computers you have to make them either firewall or webproxy client. ...
    (microsoft.public.isa)