On Thu, 4 Apr 2002, Janbaz Qamar wrote:

> However, NAT makes your private network invisible from the Internet and
> allows you to use private address definitions behind the firewall. Using
> the same IP on both sides is just the opposite of NAT, it exposes your
> private network to the Internet. Hope this helps.

The type of exposure is similar in absolute terms given the same ruleset.
There's nothing inherently not routable in the RFC1918 address space, and if
you're doing NAT at the border, the NAT'd devices are still reachable via
NAT or via a compromised device on the network.

There's less window of opportunity for an attacker, but it's still the
same sort of window.

For packet filters, the exposure for RFC1918 addresses is perhaps less in
terms of frequency of attack opportunities.  For proxies, the addressing
makes no difference assuming the proxy doesn't route packets.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
