Re: Let's talk about yum and p2p in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 27, 2010 at 12:41 PM, Joe Zeff <joe@xxxxxxx> wrote:
> On 12/27/2010 09:15 AM, Patrick O'Callaghan wrote:
>>
>> Actually IIRC you have that the wrong way round. NAT was invented to
>> deal with address space exhaustion, and had the side-effect of hiding
>> machines behind the router.
>
> Before somebody steps in again to point out that NAT isn't a firewall,
> I'd like to give my perspective on it. If your router uses NAT and only
> forwards those ports you've told it to (and then, each port only goes to
> one machine) port scanners can't find your machines because nothing
> responds to their attempts to connect. And, of course, even if you have
> malware trying to act as some sort of server it won't do any good unless
> your machine initiates the connection. No, this isn't a firewall, but
> it's better than having your box sitting on the net completely exposed.
> Consider NAT as one layer of protection in a properly designed and
> implemented defense in depth.

NAT doesn't have anything to do with security.

In your example above, what's the difference between scanning your NAT
box for open ports and having them forwarded by the NAT box to a box
on your internal network or scanning a publicly accessible box on your
internal network directly?

The firewall's the only defense in both cases.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux