On Fri, 31 Jul 2020 09:41:29 +0100
Andy Burns wrote:
> Richard Kettlewell wrote:
>
> > NAT is not a security measure. People presumably assume it is because it
> > is typically codeployed with an IPv4 firewall, but it’s the firewall
> > that is protecting your network, not the NAT.
>
> ISTR your construed example relies on packets to and/or from RFC1918
> subnets managing to traverse the internet?
One of my firewall rules exists to prevent such packets entering my
LAN, without it I'd be wide open to such attacks. Admittedly they're very
difficult to launch due to the prevalence of rules blocking such packets
but he is right it's the firewall rules that keep them out not NAT.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
|