On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
> A quick scan of the reverse mapping for your address space in DNS reveals
> that you have basically your entire network on public addresses. No wonder
> you're worried about portscans when the printer down the hall and the
> receptionist's machine are sitting on public addresses. I think you are
> trying to secure your network from the wrong end here.

You *do* realize that "has a public address" does not actually mean that the machine is reachable from random addresses, right? There *are* these nice utilities called iptables and ipf - even Windows and Macs can be configured to say "bugger off" to unwanted traffic. And you can put a firewall appliance inline without using NAT as well.