Re: Systems behind NAT - port scanning etc.
From: Lik Mai Sak (cuddlybear101@yahoo.com) Date: 10/30/02
- Next message: Steve: "Re: ZA Conceptual Question"
- Previous message: mhicaoidh: "Re: ZoneAlarm Pro install with Anonymizer"
- In reply to: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- Next in thread: leemer: "Re: Systems behind NAT - port scanning etc."
From: Lik Mai Sak <cuddlybear101@yahoo.com> Date: Thu, 31 Oct 2002 06:30:55 +1100
Melinda Shore wrote:
> In article <3DBF87CF.EB80EF6B@yahoo.com>, Lik Mai Sak <alt.test> wrote:
> >So what exactly is your problem with NAT?
>
> 1) By breaking one IP fundamental design point it interferes
> with application protocols and prevents applications from
> securing themselves
> 2) The techniques that have been developed for allowing
> application protocols to traverse NATs introduce
> additional insecurities, some of them quite serious
> 3) Some of those mechanisms, such as STUN, cannot themselves
> be secured at all because a NAT is indistinguishable from
> a man-in-the-middle attack
> 4) The people recommending NATs as security devices don't
> understand the differences in NAT behaviors. To ascribe
> those differences to "crappy vendor implementations" is
> to fail to understand why different kinds of NATs (full
> cone, partial cone, symmetric) behave as they do.
Bugger. Looks like I've got some more reading to do.
Thanx for an informative answer.
E.