|
|
|
|
|
|
by throw0101a
2 days ago
|
|
|
> I've only read that on HN, I've never heard this anywhere else. Well-regarded networking architect, author, and instructor: * https://blog.ipspace.net/2011/12/is-nat-security-feature/ > NAT works and passes the grandma test. So does my Asus with a default deny IPv6 rule on incoming connections. You're more likely to click on a link that installs malware that attacks your network from the inside, and that attack works regardless of IPv4 or IPv6. Treating a firewall as some impenetrable moat has not been network security practice for a decade(+), and waving around RFC 1918 address space like systems with a 10.8 or 192.168/16 can't get infected is lazy thinking. It leads to complacency: I'm behind NAT, I'm safe. |
|
|