[e2e] Re: NAT usage at large companies
rja at extremenetworks.com
Thu Oct 17 23:27:05 PDT 2002
On Thursday, Oct 17, 2002, several different folks wrote roughly:
> In our case NATing is performed ... for security...
Unfortunately, it is a misunderstanding to believe that NAT
provides any security improvement...
It is generally possible for an attacker to piggyback network
attacks on sessions for which NAT session state predictably exists.
Users are often surprised at how predictable such session state
happens to be.
NAT without some other kind of security (e.g. stateful packet
inspection firewall) does not provide meaningful security.
More information about the end2end-interest