[BBLISA] Last night's IPv6 talk
Joe McDonagh
joseph.e.mcdonagh at gmail.com
Sat May 15 20:56:09 EDT 2010
RE: NAT and security
NAT is to network security something like what blinds are to house
security. Someone can pull some pretty simple techniques to discover the
layout of your internal network regardless of the 'security' that is
perceived to be in place by using NAT. The benefit NAT gives is using
your minuscule ISP-given IP range to load balance to a metric ton of
web/smtp servers on an arbitrary private network.
All someone has to do anyways is smash something on your 'internal'
range (reverse proxied no doubt cause you actually have services behind
the NAT gateway) and it gets out through NAT to $attacker guy/girl's
reverse shell. I just can't even fathom that people associate NAT with
security.
--
--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."
More information about the bblisa
mailing list