Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-06 Thread Sam Stickland
Nathan Ward wrote: On 5/06/2007, at 9:29 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote: I posit that a screen door does not provide any security. "Any" is too strong a word. For people living in an area with malaria-carrying mosquitoes, that screen door may be more important for s

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread Kradorex Xeron
On Monday 04 June 2007 18:06, Owen DeLong wrote: > On Jun 4, 2007, at 1:41 PM, David Schwartz wrote: > >> On Jun 4, 2007, at 11:32 AM, Jim Shankland wrote: > >>> Owen DeLong <[EMAIL PROTECTED]> writes: > There's no security gain from not having real IPs on machines. > Any belief that the

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread Nicholas Suan
On 6/5/07, David Schwartz <[EMAIL PROTECTED]> wrote: Combined responses to save bandwidth and hassle (and number of times you have to press 'd'): -- > Just because it's behind NAT, does not mean it's unreachable from the internet: Okay, so exactly how many times do you think we have to say

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread James Hess
On 6/4/07, David Schwartz <[EMAIL PROTECTED]> wrote: > I posit that a screen door does not provide any security. A lock and > deadbolt provide some security. NAT/PAT is a screen door. This is a fine piece of rhetoric, but it's manifestly false and seriously misleading. Hi, David I think the

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread Nathan Ward
On 5/06/2007, at 9:29 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote: I posit that a screen door does not provide any security. "Any" is too strong a word. For people living in an area with malaria-carrying mosquitoes, that screen door may be more important for security than a sol

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread David Schwartz
Combined responses to save bandwidth and hassle (and number of times you have to press 'd'): -- > Just because it's behind NAT, does not mean it's unreachable from the internet: Okay, so exactly how many times do you think we have to say in this thread that by "NAT/PAT", we mean NAT/PAT as typ

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Donald Stahl
Surely that second quote should be "crap, now macrumors can tell that one person in our office follows them obsessively"? Unless there's publicly-available information that indicates that IP address is your CEO's (which is a whole other topic -- publicly available rDNS for company-internal

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Edward B. DREGER
DS> Date: Mon, 4 Jun 2007 16:27:14 -0700 DS> From: David Schwartz [ snipped throughout ] DS> I can give you the root password to a Linux machine running telnetd DS> and sshd. If it's behind NAT/PAT, you will not get into it. Period. DS> DS> I can give you the administrator password to a Window

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Donald Stahl
I can give you the root password to a Linux machine running telnetd and sshd. If it's behind NAT/PAT, you will not get into it. Period. I'll give you root password to a half a dozen directly connected Linux boxes and you still won't be able to get in. I can give you the administrator passwor

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Nicholas Suan
On 6/4/07, David Schwartz <[EMAIL PROTECTED]> wrote: I can give you the root password to a Linux machine running telnetd and sshd. If it's behind NAT/PAT, you will not get into it. Period. Just because it's behind NAT, does not mean it's unreachable from the internet: Fenrir:~% telnet ipv4.

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Matthew Palmer
On Mon, Jun 04, 2007 at 04:27:14PM -0700, David Schwartz wrote: > > I posit that a screen door does not provide any security. A lock and > > deadbolt provide some security. NAT/PAT is a screen door. > > Not having public addresses is a screen door. A stateful inspection > > firewall is a lock an

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Matthew Palmer
On Mon, Jun 04, 2007 at 08:12:45PM +0100, Colm MacCarthaigh wrote: > The argument can go either way, you can spin it as a benefit for the > network operator ("wow, user activity and problems are now more readily > identifiable and trackable") or you can see it as an organisational > privacy issue

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Matthew Palmer
On Mon, Jun 04, 2007 at 03:31:00PM -0500, Larry Smith wrote: > > On Monday 04 June 2007 13:54, [EMAIL PROTECTED] wrote: > > On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said: > > > *No* security gain? No protection against port scans from Bucharest? > > > No protection for a machine that is u

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread David Schwartz
> I posit that a screen door does not provide any security. A lock and > deadbolt provide some security. NAT/PAT is a screen door. > Not having public addresses is a screen door. A stateful inspection > firewall is a lock and deadbolt. This is a fine piece of rhetoric, but it's manifestly fals

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Brandon Butterworth
> I posit that a screen door does not provide any security. A lock and > deadbolt provide some security. NAT/PAT is a screen door. > Not having public addresses is a screen door. A stateful inspection > firewall is a lock and deadbolt. It's tedious getting in and out with a lock and a deadbolt

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Donald Stahl
Sorry, Owen, but your argument is ridiculous. The original statement was "[t]here's no security gain from not having real IPs on machines". If someone said, "there's no security gain from locking your doors", would you refute it by arguing that there's no security gain from locking your doors th

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Dorn Hetzel
Sure, NAT can't prevent users from running with scissors, but sometimes it does block the scissors thrown at the back of their neck whilst they are sleeping :) On 6/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said: > I can't pass over Vald

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Lamar Owen
On Monday 04 June 2007, [EMAIL PROTECTED] wrote: > Nope. Zip. Zero. Zilch. Nothing over and above what a good properly > configured stateful *non*-NAT firewall should be doing for you already. Since when are CPE devices 'properly' configured? -- Lamar Owen Chief Information Officer Pisgah Astr

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Matthew Palmer
On Mon, Jun 04, 2007 at 12:20:38PM -0700, Jim Shankland wrote: > But NAT *requires* stateful inspection; and the many-to-one, port > translating NAT in common use all but requires affirmative steps > to be taken to relay inbound connections to a designated, internal > host -- the default ends up b

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Daniel Senie
At 03:20 PM 6/4/2007, Jim Shankland wrote: [EMAIL PROTECTED] writes: > On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said: > > *No* security gain? No protection against port scans from Bucharest? > > No protection for a machine that is used in practice only on the > > local, office LAN? O

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Valdis Kletnieks
On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said: > *No* security gain? No protection against port scans from Bucharest? > No protection for a machine that is used in practice only on the > local, office LAN? Or to access a single, corporate Web site? Nope. Zip. Zero. Zilch. Nothing over a

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Tony Hain
Jim Shankland wrote: > Owen DeLong <[EMAIL PROTECTED]> writes: > > There's no security gain from not having real IPs on machines. > > Any belief that there is results from a lack of understanding. > > This is one of those assertions that gets repeated so often people > are liable to start believi

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Owen DeLong
On Jun 4, 2007, at 11:32 AM, Jim Shankland wrote: Owen DeLong <[EMAIL PROTECTED]> writes: There's no security gain from not having real IPs on machines. Any belief that there is results from a lack of understanding. This is one of those assertions that gets repeated so often people are liabl

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Joe Abley
On 4-Jun-2007, at 14:32, Jim Shankland wrote: Shall I do the experiment again where I set up a Linux box at an RFC1918 address, behind a NAT device, publish the root password of the Linux box and its RFC1918 address, and invite all comers to prove me wrong by showing evidence that they've succ