Firewall Wizards: RE: Free NAT for NT?

RE: Free NAT for NT?

From: LeGrow, Matt <Matt_LeGrow_at_NAI.com>
Date: Wed, 8 Sep 1999 09:29:42 -0700

Carl,

The IETF draft on the architectural implications of NAT sounds like a
lot of Chicken Little-type rhetoric to me. The author's arguments
against NAT, such as

- "inhibiting security at the IP layer" (a solution that has been
debated due to questions of efficiency and router workload from the
very inception of the IPng protocol - after all, the streamlined
header design is supposed to DECREASE router load)
- "encouraging casual use of private addresses can cause namespace
collisions with VPNs that have to traverse multiple NATs" (can be
overcome with a reasonable degree of overall architecture and design,
such as two VPN endpoints subnetting their private namespace)
- "breaking the end-to-end flexibility of the Internet model"
(between individual corporate networks, sure - that's the IDEA - no one
is suggesting we stick a big PIX box between a couple major NAPs)

seem to have reasonable answers once you stop waving your hands over
your head.

Personally the first time I brought my house LAN onto the internet
securely and in less than five minutes with a spare 486 and Linux IP
Masquerading I was thanking the gods for NAT, and wondering why NT
didn't have the same.

Matt LeGrow
Network Associates, Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Note: Opinions expressed herein are most certainly NOT that of my
employer:-)

-----Original Message-----
From: Carl Brewer [mailto:carl_at_bl.echidna.id.au]
Sent: Tuesday, September 07, 1999 6:42 PM
To: firewall-wizards_at_nfr.net
Subject: Re: Free NAT for NT?

I'm not coming down on Robert here!

<rant>
It's a shame that M$ are providing NAT, which even they know
is a bad technology (it was a M$ employee that wrote the IETF
case against NAT), and not IPv6. Please don't lose focus! NAT
is a short-term ugly broken hack, push your vendor(s) for IPv6
support!

http://www.ietf.org/internet-drafts/draft-iab-nat-implications-04.txt
http://www.ietf.org/internet-drafts-ietf-iab-case-for-ipv6-04.txt

If you're using, or worse, planning to use, NAT and you haven't
read the above two documents, read them :)
</rant>

Carl

> From owner-firewall-wizards_at_lists.nfr.net Wed Sep 8 08:32 EST 1999
> Date: Mon, 6 Sep 1999 14:20:07 -0700 (PDT)
> From: Robert Graham <robert_david_graham_at_yahoo.com>
> Subject: Re: Free NAT for NT?
> To: Ryan Russell <Ryan.Russell_at_sybase.com>,
> firewall-wizards_at_nfr.net MIME-Version: 1.0
>
> The new "Connection Sharing" feature in Win98 SE and Windows 2000
> is based upon NAT (created by a company called Nevod that was
> bought by M$, used to be called NAT1000). In essence, this means
> that every Win98/Win2K is/will-be shipping with a NAT.
>
> Check out these links:
> http://www.uq.net.au/~zzdmacka/the-nat-page/nat_windows.html
> http://www.alumni.caltech.edu/~dank/peer-nat.html
>
> Recently, I set up a Win2k "connection sharing" NAT and was able to
> port scan the one machine behind it. Doesn't seem right. Anybody
> have experience with this?
>
> Rob.
>
> --- Ryan Russell <Ryan.Russell_at_sybase.com> wrote:
> > Anyone aware of any free Network Address Translation (NAT)
> > software for Windows NT?
> >
> > I'm writing a chapter on NAT, and the publisher is calling for
> > examples in Linux, Cisco IOS, and NT. The first two are easy,
> > but I'm only aware of commercial solutions for NT. (No, I'm not
> > under the impression that the Cisco implementation is free, but
> > since there is only one choice, it's a bit of a moot point.)
> >
> > I prefer free solutions, so that readers can obtain and play with
> > the technology more easily. Barring that, I'll go after
> > low-cost, or possibly higher-cost but with downloadable demo.
> >
> > Ryan
> >
> >
> >
>
> ===
> Robert Graham
> "Anxiously awaiting the millennium so I can start programming
> dates with 2-digits again."
> __________________________________________________
> Do You Yahoo!?
> Bid and sell for free at http://auctions.yahoo.com
>
>

Received on Sep 08 1999
