Page 2 of 2 FirstFirst 12
Results 21 to 23 of 23

Thread: software help needed

  1. #21
    Leythos
    Guest

    Re: software help needed

    In article <h9vtbl$66l$1@news.eternal-september.org>,
    jon@jonsolberg.nospam.se says...
    > > [...] We have the option of not using NAT, but have yet to find
    > > anything the businesses need that it causes a problem with.

    >
    > Like VoIP then?


    I have a firewall appliance that does VOIP just fine, in fact I have 4
    Vonage devices behind my Firebox x1250 and they have no issues at all.

    I have entire medical centers behind firewall appliances, using NAT,
    where there are VOIP based systems for some departments - and they work
    across a site-site VPN through the firewalls.

    > > NAT used in home/residential class routers IS a protection, it blocked
    > > unsolicited connections to the LAN.

    >
    > But a false one due to crappy NAT/IP Masquerading implementations in
    > consumer broadband routers.


    And I have yet to actually experience one that is broken and I started
    with the first NAT router that was released for residential use and have
    used Linksys, D-Link, Netgear, 3COM, CISCO devices without breaking
    anything.



    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

  2. #22
    Leythos
    Guest

    Re: software help needed

    In article <7ihkhfF30vep4U2@mid.individual.net>, usenet-2009
    @planetcobalt.net says...
    >
    > 1PW <1PW@invalid.com> wrote:
    > > Without question, NAT routers have certainly helped the average home
    > > user greatly enhance their security in the last few years.

    >
    > No, it hasn't. NAT was never designed, nor is it suited, to be a
    > security feature.
    >
    > What you're referring to is dropping inbound connection attempts, which
    > any even halfway decent packet filter should be able to do.


    A residential/home user is safer behind a NAT router than directly
    connected to the internet. While NAT is not a security feature, a 1:MANY
    NAT does offer "protection" from unsolicited traffic - and that is a
    very big protection when talking about the typical ignorant users home
    computer(s).

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

  3. #23
    Moe Trin
    Guest

    Re: software help needed

    On Wed, 30 Sep 2009, in the Usenet newsgroup comp.security.firewalls, in
    article <h9vtbl$66l$1@news.eternal-september.org>, Jon Solberg wrote:

    >Leythos <spam999free@rrohio.com> wrote:


    >> jon@jonsolberg.nospam.se says...


    >>> ********. There's no NAT at my present (or any of my previous work
    >>> places, ranging from universities to smaller consulting firms), we
    >>> all have/had public IPs behind a firewall. That NAT must be used
    >>> together with firewalls is one of the most widespread misconceptions
    >>> about firewalls there is. Please don't spread that misconception any
    >>> further. NAT is address translation, not a security policy.


    It's kind of wishy-washy, but see RFC4864

    4864 Local Network Protection for IPv6. G. Van de Velde, T. Hain, R.
    Droms, B. Carpenter, E. Klein. May 2007. (Format: TXT=95448 bytes)
    (Status: INFORMATIONAL)

    >> The your places of work were wasting IP space.


    An artifact of the way blocks of IP addresses were handed out in the
    1970s through mid 1990s. Initially, you got the next larger size of
    a /24, /16 or /8. This attitude is shown by the effective use of a
    single host with _two_ slant eights (0.0.0.0 and 127.0.0.0) verses
    two (or more) /32s. If you look at the way blocks are being handed
    out now (2009), the majority of new blocks are smaller than /20s
    (255.255.240.0 or fffff000 - 4094 usable addresses)

    >No they are using IPv6. The problem of limited addressing is not
    >solved by using NAT:ed IPv4. It's a broken solution.


    At the moment, it's not solved by IPv6 either. Ignoring work (because
    of an NDA), just one of the four ISPs I regularly use provides real
    IPv6 addresses. If you look world wide, that is above the average. On
    15 September 2009, the five Regional Internet Registries (AfriNIC,
    APNIC, ARIN, LACNIC and RIPE) had allocated or assigned 2,923,334,816
    IPv4 addresses (78.87 percent of non-RFC3330 address space) in 97651
    networks. They've also allocated or assigned 1.103e33 IPv6 addresses
    (0.026 percent of the non-RFC5156 address space) in 3697 networks.
    You're posting with a .se domain - Sweden had 870 IPv4 blocks and just
    66 IPv6 blocks. Great - there are a jillion IPv6 addresses (the
    _smallest_ assigned blocks are 4 /64s, each of which is 1.845e18
    addresses - six billion times the total current IPv4 space) but if
    the only way I can get to them is through the equivalent of NAT, and
    that adds 6 to _20_ hops to the path (latency), it's not doing me a
    whole lot of good. Chicken? Egg? Sure, eventually IPv6 is going to
    save the planet, but that day isn't in sight yet, and until then, NAT
    and RFC1918 is going to remain an important part.

    Old guy

Similar Threads

  1. Battle of 35 Antivirus, Who's The Champion?!
    By akbarri in forum Software Forum
    Replies: 10
    Last Post: 06-17-09, 01:28 PM
  2. Disreputable anti-parasite software
    By George Orwell in forum alt.computer.security
    Replies: 4
    Last Post: 05-13-09, 07:09 AM
  3. software needed.
    By 24giovanni in forum Software Forum
    Replies: 5
    Last Post: 07-15-08, 03:25 AM
  4. Linksys tech support live chat transcript - enjoy!!!!
    By jim in forum ms.public.windows.networking.wireless
    Replies: 2
    Last Post: 06-30-08, 11:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •