[Dshield] NAT: Secure?

Leone, Michael michael_leone at merck.com
Wed Aug 27 15:07:31 GMT 2003


Given the recent events, that log must now be quite large. 

-mike
-----Original Message-----
From: Keith Bergen [mailto:keith at keithbergen.com] 
Sent: Wednesday, August 27, 2003 10:35 AM
To: General DShield Discussion List
Subject: Re: [Dshield] NAT: Secure?


Just to start off, a "NAT Firewall" is not a firewall. It is, 
however, a fairly good way for people to add some protection 
to their home network.

Basically, NAT is designed to allow multiple computers behind 
a single point to access the Internet etc. The outside world 
only "sees" the router, so it wouldn't see your valuable data 
on your home PC.

When a request for a port comes to the NAT router, let's say 
port 135, the NAT router either knows to forward it, or 
doesn't. If you haven't told it how to forward 135, it just 
goes away.

Hope this simple explanation from an even simpler individual 
helps.

I've logged all the connections that my router has "turned 
away" since april.
http://keithbergen.dyndns.org/cgi-bin/rlac.pl

Keith.


---- Original message ----
>Date: 27 Aug 2003 08:49:49 -0400
>From: Alan Frayer <afrayer at frayernet.com>  
>Subject: [Dshield] NAT: Secure?  
>To: list at dshield.org
>
>Please pardon the basic question, but I'm filling holes in my
>understanding of firewalls, and figure this is a good place 
to do so.
>
>How secure is NAT? One sees advertised dozens of inexpensive 
broadband
>routers with simple NAT firewalls (which isn't really a 
firewall, I
>know; the firewall is a side effect of the purpose of NAT), 
and I wonder
>if the public isn't being taken by depending on these 
devices.
>
>_____________________________________________________________
___________
>Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
>Seeking an IT Mgmt/Network Admin position in the Tampa Bay 
Region
>If you would like to discuss an opportunity with me, please 
e-mail.
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

------------------------------------------------------------------------------
Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (Whitehouse Station, New Jersey, USA), and/or
its affiliates (which may be known outside the United States as Merck Frosst,
Merck Sharp & Dohme or MSD) that may be confidential, proprietary copyrighted
and/or legally privileged, and is intended solely for the use of the
individual or entity named on this message.  If you are not the intended
recipient, and have received this message in error, please immediately return
this by e-mail and then delete it.
------------------------------------------------------------------------------




More information about the list mailing list