[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is NAT can provide some kind of protection?

Subject: Is NAT can provide some kind of protection?
From: khelms at ispalliance.net (Scott Helms)
Date: Wed, 12 Jan 2011 16:05:42 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

>
> That's simply not true. Every end user running NAT is running a stateful firewall with a default inbound deny.

Really?  I just tested this with 8 different router models from 5 
different manufacturers and in all cases the default behavior was the 
same.  Put a public IP on a PC behind the router, tell the router how to 
connect (DHCP in this case), and leaving everything else as default 
meant that all traffic to the public IP was allowed through unless I 
configured rules.  One of the Netgear models (IIRC) did block ICMP but 
any TCP or UDP traffic was allowed through.  Now, this certainly isn't 
an exhaustive test, but it tested the devices we needed checked.  If 
someone knows of a model that does block incoming (non-established TCP) 
traffic by default I'd like to know about it.  That's especially true of 
combo DSL modem routers.


-- 
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
Looking for hand-selected news, views and
tips for independent broadband providers?

Follow us on Twitter! http://twitter.com/ZCorum
--------------------------------

Follow-Ups:
- Is NAT can provide some kind of protection?
  - From: jbates at brightok.net (Jack Bates)
- Is NAT can provide some kind of protection?
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Is NAT can provide some kind of protection?
  - From: owen at delong.com (Owen DeLong)

References:
- Is NAT can provide some kind of protection?
  - From: tariq198487 at hotmail.com (Tarig Ahmed)
- Is NAT can provide some kind of protection?
  - From: bill at herrin.us (William Herrin)
- Is NAT can provide some kind of protection?
  - From: owen at delong.com (Owen DeLong)
- Is NAT can provide some kind of protection?
  - From: fergdawgster at gmail.com (Paul Ferguson)
- Is NAT can provide some kind of protection?
  - From: owen at delong.com (Owen DeLong)
- Is NAT can provide some kind of protection?
  - From: khelms at ispalliance.net (Scott Helms)
- Is NAT can provide some kind of protection?
  - From: owen at delong.com (Owen DeLong)

Prev by Date: TeliaSonera US contact?
Next by Date: Is NAT can provide some kind of protection?
Previous by thread: Is NAT can provide some kind of protection?
Next by thread: Is NAT can provide some kind of protection?
Index(es):
- Date
- Thread