nanog mailing list archives

RE: Block all servers?


From: "Terry Baranski" <tbaranski () mail com>
Date: Sat, 11 Oct 2003 20:19:01 -0400


This internet draft is available at:
http://quimby.gnus.org/internet-drafts/draft-aboba-nat-ipsec-04.txt

Ken Emery wrote:

> I can't figure out if anything happened with
> this draft (I'm guessing nothing went on).  The
> draft expired on December 1, 2001.

IPSec NAT Traversal is still being standardized, but has already been
implemented in a good number of products.  Current drafts:

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-07.txt
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-udp-encaps-06.txt
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-05.txt

Jon Lewis wrote:

> But why all this talk of NAT?  Even if we all
> universally deployed it on Monday, it wouldn't
> solve the problem.  All it would do is keep the
> spammer/hackers from turning grandma's PC into a
> web server/proxy.

As well as preventing infection from worms like Blaster, and so forth.
It's hard to imagine one solution solving the entire laundry list of
problems.  One step at a time.

That being said, NAT does break stuff and as has been mentioned,
filtering is certainly possible without having to bring NAT into the
mix.  Microsoft assures us that the Windows firewall will be enabled by
default starting with WinXP patches early next year.  How easy will it
be to turn it off?  Will a virus be able to do it for you?

-Terry

