home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   IPV6      The convoluted hot-mess that is IPV6      4,612 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 2,688 of 4,612   
   Markus Reschke to Victor Sudakov   
   NAT   
   26 Jan 19 12:12:38   
   
   Hello Victor!   
      
   Jan 25 23:46 2019, Victor Sudakov wrote to All:   
      
    VS> With the proliferation of IPv6 I hear more and more often that NAT is    
    VS> a great security mechanism because it hides your intranet    
    VS> infrastructure from outsiders,   
      
   There's a lot of misunderstanding of NAT and security. The typical case is   
   that NAT is done by a dedicated firewall or a router with firewall features,   
   i.e. the firewall/router does packet filtering and NAT. So a lot of people   
   think that NAT implies security, but it doesn't. NAT is exactly what the   
   acronym says: network address translation. An 1:1 NAT simply translates one   
   address or subnet to another. How could that provide any security? What you   
   need is packet filtering (plus proxies and so on).    
      
    VS> infrastructure from outsiders, and how unfit IPv6 is for enterprise          
    VS> networks because it lacks the notion of NAT which makes IPv6 networks        
    VS> so very very much insecure.   
      
   There's also NAT for IPv6. BTW, IPv6 has a nice feature called Privacy   
   Extensions to automatically change IP addresses regularly.    
      
   ciao,   
   Markus   
      
   ---    
    * Origin: *** theca tabellaria *** (2:240/1661)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca