[arin-discuss] Trying to Understand IPV6

Jon Radel jradel at vantage.com
Mon Sep 13 17:28:55 EDT 2010



On 9/13/10 5:13 PM, Mike Lieberman wrote:
> Matthew! Good heavens, no technology is the panacea. Yes with
> NAT/CiscoASA5500/and AV software my 12 yo daughter does a fine job of making a
> mess on her PC... But to suggest that NATs don't knock down a huge amount of
> unwanted traffic is simply unrealistic.
>
> Stateful firewalls can only knock down what they are looking for. Yes proper
> rules the in/out traffic with internal public IP can work nicely, but they are
> far more susceptible to really bad results if done wrong...
You'd be amazed what people with SOHO routers can do to circumvent NAT.  
Not too long ago I worked with a very annoyed VOIP customer who wanted 
to know why his phone kept ringing with wrong numbers and weird caller 
ids.  Turns out he thought it would be a useful thing to port forward 
all SIP traffic arriving at the outside interface to his phone.  So much 
for NAT.
> Good solutions are the ones that continue to provide better protection were
> improperly implemented.
Some believe that good solutions are those where the benefits outweigh 
the costs, not simply those where there is some benefit.

--Jon Radel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3648 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-discuss/attachments/20100913/0b8a9ffa/attachment.p7s>


More information about the ARIN-discuss mailing list