On Thu, 2003-10-30 at 09:22, Scott McGrath wrote: > That was _exactly_ the point I was attempting to make. If you recall > there was a case recently where a subcontractor at a power generation > facility linked their system to an isolated network which gave > unintentional global access to the isolated network. a NAT at the > subcontrator's interface would have prevented this.
So would have a stateful firewall set to keep state, default deny inbound. This is how customer grade firewall products should work with NAT disabled, although they probably don't. -Paul -- Paul Timmins <[EMAIL PROTECTED]>
