[Dshield] [DShield] Thanks Brian

Mike Wydra mwydra1 at comcast.net
Sat Aug 13 00:06:40 GMT 2005


Brian Dessent wrote:
>How exactly does NAT hide anything?  The address translation is local to you >and you alone.  To every other machine on the internet you have a regular >non-rfc1918 IP address.  No machine will see your NATed address.

Gee, thanks Brian - it was really "swell" of you to post my name with my IP address on this public list. Hope I can return the "favor" some day. 

Johannes B. Ullrich wrote:
>I think we are mixing up two issues here:
>- NAT: Lots of people use it to share a single routed IP address among
>several hosts. It will also make it harder to directly address (=target)
>a system on the local network.

Thank-you Johannes - this IS what I was talking about, and now I know that there are two different NAT issues. As I've stated many times - I'm an average "home user," and I think there are a lot of other people on this list that are in the same boat that I am. We are NOT running servers, so we don't tend to have port 80 wide open to the world. In fact - we don't want ANYBODY coming into our machines, unless we invite them in. We are on this list in an attempt to learn how to protect ourselves from all the freaks out there. In return (at least in my case), we will do what we can to help the cause. However, most of the stuff your talking about is way over our heads. So hey - I'm sorry if I used the term "NAT" wrong. By saying "NAT," I'm talking about my $40 Microsoft Basestation. It does a fine job of stealthing ALL of my incoming ports, so if some clever JERK does read my IP address from the headers I send out, they will not be able to enter my machine. As I understand it - the "jerk" can ping my machine all day and it won't respond. Sounds good to me...

My second line of defense is my software firewall, which is backing up my basestation, and blocking any "call home to mommy" crap that might be on my machine. Isn't this the "layered defense" that you guys are talking about?? Or did I get that wrong too... Anyway - that's my understanding of NAT. It works great for me, and that was my point. 

Mike Wydra




More information about the list mailing list