[Dshield] [DShield] Architecture approach
hakon at alstadheim.priv.no
Sat Aug 13 10:41:09 GMT 2005
Aaron Lewis wrote:
>I didn't say I don't like NAT I use NAT at home and everywhere else on
>private nets. I just said I don't think a public web server is a valid
>application for NAT. Don't feel like you're hiding because you're not. It's
>very easy to reveal your real IP.
>www.whatismyip.com is a very simple example of this.
Your point being? I mean if I want to run a public service through NAT,
its pretty obvious that any client would need the IP of my NAT'ing
router. If this router only port-forwards one port to the actual server,
knowing the IP of my border router will not help an attacker. The way I
see it NAT makes it easier to secure a network, because anything inside
that you want to expose has to be EXPLICITLY enabled.
Håkon Alstadheim +47 74 82 60 27
More information about the list