[Dshield] [DShield] Architecture approach

Håkon Alstadheim hakon at alstadheim.priv.no
Sat Aug 13 10:41:09 GMT 2005


Aaron Lewis wrote:
>I didn't say I don't like NAT. I use NAT at home and everywhere else on
>private nets. I just said I don't think a public web server is a valid
>application for NAT. Don't feel like you're hiding because you're not. It's
>very easy to reveal your real IP.
>
>www.whatismyip.com is a very simple example of this.
>  
Your point being? I mean, if I want to run a public service through NAT,
it's pretty obvious that any client would need the IP of my NAT'ing
router. If this router only port-forwards one port to the actual server,
knowing the IP of my border router will not help an attacker. The way I
see it, NAT makes it easier to secure a network, because anything inside
that you want to expose has to be EXPLICITLY enabled.

-- 
Håkon Alstadheim 	+47 74 82 60 27
7510 Skatval


