nanog mailing list archives

Re: Arguing against using public IP space


From: Dave Hart <davehart () gmail com>
Date: Thu, 17 Nov 2011 05:56:07 +0000

On Wed, Nov 16, 2011 at 20:38, Ray Soucy <rps () maine edu> wrote:
> I would go as far as to argue that the false sense of security
> provided by NAT is more dangerous than any current threat that NAT
> alone would prevent.

Agreed, and I don't think that's going far at all.  My opinion is
_both_ stateful firewalls and NATs have been responsible for providing
cover for those who fail to secure their endpoints.  Yes, dropping a
choke point in front of X hosts is X times easier than securing the X
hosts.  No, it didn't secure X hosts.

"Outside is dangerous, inside is trusted" is the root of much current
evil.  Breaking end-to-end and encouraging everything that needs it to
jump through ugly hoops such as UDP NAT traversal or carrying all
sorts of non-HTTP over 80 and 443 has made it harder to secure
networks, not easier.

Cheers,
Dave Hart
