I have always viewed NAT as a "Security through obscurity" TCP/IP process. It is not a good idea to view NAT as a security practice but as a way to gang up multiple unroutable IP's onto a single routable address.<br>
<br>Security is a process, not a product.<br><br><div class="gmail_quote">On Mon, Nov 10, 2008 at 11:25 AM, Jim Popovitch <span dir="ltr"><<a href="mailto:yahoo@jimpop.com">yahoo@jimpop.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">2008/11/10 Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>>:<br>
</div><div class="Ih2E3d">> NAT provides no security that isn't present in a stateful firewall.<br>
<br>
</div>So NAT does provide some level of security?<br>
<br>
I think you are making my point that NAT is a level of improved<br>
security over a situation of no firewall and publicly accessible IPs<br>
(common colo situation).<br>
<div><div></div><div class="Wj3C7c"><br>
-Jim P.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III <br><br>