[c-nsp] "extendable, incomplete" NAT entries

Gert Doering gert at greenie.muc.de
Tue Oct 13 10:51:16 EDT 2015


Hi,

On Tue, Oct 13, 2015 at 05:40:08PM +0300, oldnick wrote:
> The main problem is that with such entries present in the NAT table, the inside host is reachable from the
> outside by global address, and this is an obvious security flaw.

Your *problem* is a funny security architecture, relying on NAT... ;-)

But without seeing the actual configuration of the routers, it is just
a bit hard to comment where the "extensible" part is coming from - it
could just be configured that way.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de