Re: NAT is not a mechanism for securing a network.. but.. HELP!

From: CyberDroog (CyberDroog_at_ClockworkOrange.com)
Date: 08/26/05


Date: Fri, 26 Aug 2005 16:22:32 GMT

On Thu, 25 Aug 2005 22:54:33 GMT, "Duane Arnold" <Notme@Notme.com> wrote:

>"CyberDroog" <CyberDroog@ClockworkOrange.com> wrote in message
>> <shrug> You seem to be a little trapped in all or nothing thinking about
>> this. But if you like...
>>
>> Your system is absolutely insecure. I can break into your house and
>> literally take your whole PC. Why don't you get a *real* firewall? ;)
>>
>
>You're starting to become a PITA about it as far as I am concerned and it's
>much ado about nothing.

Well, that is my point... Spitting your coffee all over the keyboard and
choking every time you see someone call their NAT router a firewall is much
ado about nothing.

You know very well what they mean. That placing the box between their
cable and their PC is an attempt at preventing unrestricted access into
their system. It is a process of firewalling their system. That a cheap
NAT router is unable to prevent *all* forms of access is just a matter of
capabilities.

>And let me ask you this, weren't you the one who posted some kind of
>nonsense awhile back about meeting some lady TV reporter as she busted out
>past the FW and you met her in cyberspace? Your posting name certainly
>rings a bell on that you college boy and I have suspicions that it was you
>as your name looks familiar to me now. ;-) You have been around for a
>while.

Contrary to your penchant for winking, I think you are flying off the
handle here. Keep in mind I am poking you in the ribs every time that I
tell you a NAT router is a firewall. As Tony Soprano would put it "I'm
busting your balls." Don't be so touchy.

Yes, I believe that a simple NAT router is a basic attempt at firewalling a
system. About as much as the average home user will ever do. It's *their*
firewall, whether you like it or not. Together with a basic software
firewall (a packet filter, which also makes you apoplectic when people call
it a firewall), it's not a bad firewall. Not for a home user.

Don't be so intense. We're not talking about protecting Citicorp in this
case. It's a home user. Let them have their firewall. You could just
smile and nod when they tell you about it instead of jumping over the table
and throttling them.

BTW, I'd like to just ignore the silly charge based on your poor memory...
But you're a nice guy generally, so here you go.

The poster you are speaking of is: Kenny Koala <kenny@nym.alias.net> The
following is a response I made to him. It's from my own database, but you
can follow the message-id back to his original posts.

===============================
From: CyberDroog <CyberDroog@starfleet.gov>
To:
Newsgroups: comp.security.firewalls
Subject: Re: Using a home T-1 line to evade company filtering
Date: Mon, 08 Sep 2003 04:06:02 -0500
Reply-To: CyberDroog@starfleet.gov
Message-ID: <cvgolv8qibvqj4hs3gv0s2caius664be74@4ax.com>
References: <20030908075421.25239.qmail@nym.alias.net>
X-Newsreader:
X-No-Archive: yes

On 8 Sep 2003 07:54:21 -0000, Kenny Koala <kenny@nym.alias.net> wrote:

>
> I have found out how you can beat filtering/monitoring in your company.
>Get a home T-1 line, if you can afford it.
> There is this one hot chick at a major American news network, both she
>and her network will go unnamed, but she beats her network filters by
>using a home T-1 line. With her high salary, she can afford the $1000/month
>cost for a T-1 line.
> What she does is have her home computer set up at home to act as a
>proxy, and come to a chat room where she and I have been chatting, she has
>her computer, and home T-1 line set up as a proxy, and she gets on to the
>chat room bouncing off her home PC. The admins know she goes to her home
>T-1 line, but what she does cannot POSSIBLY be discovered by the corporate
>admins at the station she works for. She makes a $100,000 plus salary, so
>she can afford the cost of a home T-1 line. And if it can prevent her
>network admins from knowing what she is doing, the $1000/month cost of a
>T-1 line in her home makes it worth it.

1. You're a dupe for believing some random chick in a chat room is some hot,
highly paid person at a major news network. In all likelihood it isn't even
a woman.

2. You don't need a T1 line to set up a proxy. A $40 per month cable
connection will do just fine. Not to mention that there are free, or low
cost, proxy services out there. You don't need to set up your own.

3. You're a dupe for believing it can't be discovered. It might have escaped
you that the content of packets can be examined to see what somebody using
a proxy is doing.

Do you really believe that network admins have never heard of a proxy
before? ANYTHING that you send or receive over a network can be viewed by
the admins. There are programs that will reconstruct the traffic and allow
the admin to see exactly what the user is seeing.

If the middle aged pervert you are chatting with types "yada yada yada",
that data has to pass through the local network to get to the proxy. And
whatever you type to your boyfriend has to pass through that local network
to get to him. It's an open book for any admin who cares to pay attention.
===============================

-- 
There will be peace when the Arabs love their children more than they hate
others.
  - Golda Meir