lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004801c36210$263cbf60$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Microsoft urging users to buy Harware Firewalls 

Context is important.  We are talking about home computers here.  IPSEC
and multiple servers aren't very relavent to most home computer users.
If someone has more than one computer on a home network, they probably
already have a NAT box to share the network connection.  The suggestion
here is that for folks who are running only one computer should also get
a NAT box if they are connecting to the Internet via a cablemodem or DSL
connection.  NAT boxes have this nice characteristic that they act as a
firewall.

Richard

-----Original Message-----
From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu] 
Sent: Wednesday, August 13, 2003 10:18 PM
To: Richard M. Smith
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Microsoft urging users to buy Harware
Firewalls 


On Wed, 13 Aug 2003 20:04:47 EDT, "Richard M. Smith"
<rms@...puterbytesman.com>  said:

> Windows directory from being accessed from the Internet.  My only
> question is why aren't NAT routers built into all cable and DSL
modems.

Because NAT is *not* a be-all and end-all.  NAT *does* break things.

You can't easily do IPSec through a NAT (meaning you need to do some
tap-dancing
if you want to VPN from one).

NAT breaks a lot of end-to-end stuff - for instance, if you have a NAT,
it's *REALLY*
hard to have 2 different machines running servers on the same port.

http://www.ietf.org/rfc/rfc3027.txt?number=3027 for all the gory details


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ