On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas <m...@mtcc.com> wrote:
> On 2/16/24 5:05 PM, William Herrin wrote:
> > Now, I make a mistake on my firewall. I insert a rule intended to
> > allow packets outbound from 2602:815:6001::4 but I fat-finger it and
> > so it allows them inbound to that address instead. Someone tries to
> > telnet to 2602:815:6001::4. What happens? Hacked.
>
> Yes, but if the DHCP database has a mistake it's pretty much the same
> situation since it could be numbered with a public address.

Um. No. You'd have to make multiple mistakes cross-contaminating your
public and private ethernet segments yet somehow without completely
breaking your network rendering it inoperable.

> NAT is not without its own set of problems,

NAT's problems are legion. But the question was whether and how NAT
improves the security of a network employing it.

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/
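
An added example, not part of the original e-mail: a small Python model of the direction mistake described in the quoted text, with an audit check that flags any rule allowing unsolicited inbound traffic to an internal address. The rule format, the /64 prefix around 2602:815:6001::4 and the 2001:db8::1 outside source are assumptions made for illustration.

```python
import ipaddress

# Hypothetical rule model (not any real firewall's syntax); data is constructed.
# Assumption: the host from the post sits in this internal /64.
INTERNAL = [ipaddress.ip_network("2602:815:6001::/64")]

# What the administrator meant to write: let the host talk outbound.
INTENDED = [
    {"dir": "out", "src": "2602:815:6001::4/128", "dst": "::/0", "action": "allow"},
    {"dir": "in", "src": "::/0", "dst": "::/0", "action": "deny"},
]
# The fat-fingered version: same address, direction flipped to inbound.
FAT_FINGERED = [
    {"dir": "in", "src": "::/0", "dst": "2602:815:6001::4/128", "action": "allow"},
    {"dir": "in", "src": "::/0", "dst": "::/0", "action": "deny"},
]

def decide(rules, direction, src, dst):
    """First-match verdict for a new (unsolicited) connection; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["dir"] == direction
                and s in ipaddress.ip_network(r["src"])
                and d in ipaddress.ip_network(r["dst"])):
            return r["action"]
    return "deny"

def exposed_rules(rules, internal=INTERNAL):
    """Return rules that allow inbound traffic to any internal address."""
    hits = []
    for r in rules:
        dst = ipaddress.ip_network(r["dst"])
        if (r["dir"] == "in" and r["action"] == "allow"
                and any(dst.overlaps(net) for net in internal)):
            hits.append(r)
    return hits

if __name__ == "__main__":
    outside = "2001:db8::1"  # documentation-range address standing in for a remote host
    for name, rules in (("intended", INTENDED), ("fat-fingered", FAT_FINGERED)):
        verdict = decide(rules, "in", outside, "2602:815:6001::4")
        print(f"{name}: inbound verdict={verdict}, flagged={len(exposed_rules(rules))}")
```

Running an audit like `exposed_rules` before a ruleset is loaded catches the flipped direction regardless of whether the protected host holds a public or a translated address.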