On Thu, 8 Aug 2002, Shachar Shemesh wrote:

> C. As a general rule, I wish people would stop looking at NAT as a
> security device. NAT IS NOT A SECURITY DEVICE!! NAT is just a way to get
> more IPs in this tough no-ips world of IPv4.

Specifically:

A NAT router has an added-value security feature: it "hides" your internal
network, and thus makes it much harder to get through it. But...

* If the NAT router is not well made, it may allow "specially-crafted"
  packets to slip through.

* If the NAT router is not well made, it may allow a remote attacker to
  completely take it over, and thus expose your whole internal network.

* Even if you cannot initiate a simple incoming connection, there may be
  other ways to get in, e.g. by sending a message with some JavaScript
  code to be executed by a mailer that happens to execute it.

-- 
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir


