[Dshield] [DShield] Architecture approach

Brian Dessent brian at dessent.net
Fri Aug 12 04:27:28 GMT 2005


Mike Wydra wrote:

> I love my NAT. It's doing a fine job of hiding my IP address

How exactly does NAT hide anything?  The address translation is local to
you and you alone.  To every other machine on the internet you have a
regular non-rfc1918 IP address.  No machine will see your NATed
address.  Even the very headers of the message to which I'm replying
show that your address is c-24-15-134-176.hsd1.il.comcast.net
[24.15.134.176].

NAT does do a fine job of limiting unsolicited incoming connections,
which is a very good thing.  However, that is not a property of NAT,
that is a property of a stateful firewall.  You can achieve that without
NAT.

Brian
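
The point made above, that blocking unsolicited inbound connections comes from stateful filtering and works without NAT, as an added example that is not part of the original post: an nftables ruleset for a router whose inside hosts keep their own public addresses. The interface names "lan0" and "wan0" are assumptions.

```nftables
# Added illustration: stateful forwarding filter with no address translation.
# Assumed interface names: "lan0" (inside network), "wan0" (Internet-facing).

table inet filter {
    chain forward {
        # Default-deny for everything the router forwards.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that inside hosts opened are let back in.
        # The connection-tracking table, not address rewriting, decides this.
        ct state established,related accept

        # Packets that fit no tracked connection are discarded.
        ct state invalid drop

        # Inside hosts may open new connections outward.
        iifname "lan0" oifname "wan0" ct state new accept

        # Anything else, including a new connection arriving on wan0,
        # falls through to the drop policy above.
    }
}

# No table with a "type nat" chain is defined, so source and destination
# addresses pass through unchanged. Remote hosts see the inside host's
# real address, and unsolicited inbound traffic is still dropped.
```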

