Re: 56k dial up on laptop 802.11G ?
- From: "Duane Arnold" <Notme@xxxxxxxxx>
- Date: Thu, 28 Jul 2005 01:30:52 GMT
"Jeff Liebermann" <jeffl@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:no8ge19j4m06uor610u67me8ejj40dmbdt@xxxxxxxxxx
> On Wed, 27 Jul 2005 20:17:11 GMT, Duane Arnold <notme@xxxxxxxxx>
> wrote:
>
>>And I agree to disagree here about NAT. NAT is not FW software.
>
> Well, that depends on whether you subscribe to my definition of a
> firewall. The way I understand the moving target definition, a
> firewall is literally anything that defends your network against
> external attack. It could be a guard dog that's trained to sniff
> hostile packets and bark when they appear. Whatever works.
>
>>By comparing the way NAT functions between two networks, and the way
>>packet screening methods function between two networks, you can see that
>>NAT does not adhere to the firewall definition.
>
> Agreed, by your definition that's correct. However, I don't subscribe
> to your definition of a firewall, which describes how a firewall
> operates, without recognizing what a firewall does. It's a rather
> fine distinction and subject to considerable creativity in
> interpretation. However, I don't see any reason you couldn't be more
> specific in the type of firewall by adding the appropriate qualifier.
>    NAT firewall
>    SPI firewall
>    packet filter firewall
>    bastion host firewall
>    dual bastion host with DMZ firewall
>    proxy server firewall
>    barking guard dog sniffer firewall
> Depending upon whom you ask, all or some of these are considered
> "true" firewalls.
>
>>NAT does not control
>>access between the networks. Some may argue that NAT does control access
>>because you cannot "see" the internal network. NAT does this not by using
>>rules or filters, however, but through concealment. It hides the network
>>from outside users.
>
> That's what I was going to say. If you can't "see", "access", or
> "hack" my LAN, it must have some kind of firewall protecting it. How
> it does the job is irrelevant. It's still a firewall.
>
> Actually, there's another problem. If an NAT firewall is not a real
> firewall, what is it? To the best of my knowledge, there's no trade
> name or function definition for NAT other than "NAT firewall". Did I
> miss (or forget) one?
>
> Incidentally, please cite the source if you're going to quote, borrow,
> plagiarize, or paraphrase. I've seen far too many partial quotes
> taken out of context.
>
>>Packet filtering firewalls allow a direct connection to be made between
>>the two endpoints.
>
> Absolute baloney. There's nothing in a firewall that connects
> anything. It's the router function that provides the end to end
> connection. The firewall doesn't connect anything. There are purists
> that will proclaim that NAT is an abomination because it breaks the
> end to end connection definition required for "real" TCP/IP
> networking. I don't subscribe to this exception, but you won't have
> much trouble finding people that agree.
http://www.more.net/technical/netserv/tcpip/firewalls/
There you go about where I got it from and are you a FW .
>
>>Although this type of packet screening is configured
>>to allow or deny traffic between two networks, the client/server model is
>>never broken.
>
> Right. Now, how does this differ *in* *FUNCTION* with an NAT
> firewall? As far as I can determine, they serve exactly the same
> purpose. Again, it really depends on whether you subscribe to my
> functional definition. Apparently you do not.
>
>>And I consider the FW appliance to out class the packet filtering NAT
>>router with SPI, because the FW appliance's architecture resembles the
>>packet filtering router and dual-homed Gateway architectures and is able
>>to look at a deeper level along with other things like actually breaking
>>the client/server model between two end points, providing services etc.
>
> I'll happily discuss the relative merits of various firewall
> architectures if you want. However, that's not the current issue.
> It's whether an NAT firewall is considered a "real" firewall and
> whether the WRT54G is a "real" firewall. Floyd and I say they are and
> you say they're not.
>
>>However, I got nothing against NAT routers. They are a good first line of
>>defense, until you start doing high risk things like port forwarding.
>
> There are other ways of breaking NAT firewalls. Spoofing source
> addresses that appear to be coming from inside the firewall is a good
> start. Automatic port forwarding, as in Universal Plug-n-Play, is
> another fundamental security problem. Yeah, they're not the greatest
> but it doesn't take much to make them secure enough for home use.
>
>>There is something to be said about book and practical knowledge I use
>>them both and I have been doing so since 1971 when I first entered the
>>computer industry.
>
> Well, I did battle with my first computah in about 1965 with the IBM
> 1620. I then graduated to the 7090 and 1140. When IBM wouldn't hire
> me as a customer engineer, I switched to radio and didn't get back
> into computahs until about 1976 with various timeshare services. The
> first PC was an Apple ][, Apple III, TRS-80 (various models), Vic-20,
> assorted S100 kludges, and finally, in 1981, I bought the first IBM PC
> to be sold out the door at the Santa Clara Computerland. In 1983, I
> celebrated getting fired from a job by declaring myself a consultant
> simultaneously in RF and computers, which I've been doing through
> today. There were a bunch of diversions in there, but they have
> little to do with RF or computers.
>
>>BTW, Linux is not the greatest thing since *Air, Water and Fire*. ;-)
>
> What makes you think I'm a Linux fanatic? My forte is SCO Unix
> OpenServer 5, ODT 3.2v4.2, and Xenix. I are not a programmist. I'm
> doing Linux because it's a good fit for most of my customers, because
> I'm greedy and can get it free, and because SCO did some really
> politically incorrect things. If you dive into comp.unix.sco.misc,
> you'll find quite a bit of my postings. I didn't even bother with
> alternative firmware for the WRT54G until Floyd convinced me it was
> worth my time trying and learning.
>
>
Those are some pretty bold statements up above there. Below is where I got my
information. Read it and tear it apart if you can. It's the same
information I have gotten from the firewallers in the FW NG.
http://www.more.net/technical/netserv/tcpip/firewalls/
And I'll stick by my guns as to what it's talking about.
Duane :)
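
The distinction argued in this post, modeled as an added example (not from either poster or the cited page): NAT drops unsolicited inbound traffic because no translation entry exists, a filter drops it because a rule says so, and a port forward removes the NAT-side protection. The `NatRouter` class, its port-restricted mapping behavior, and all addresses are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: RFC 5737 documentation ranges on the WAN side,
# RFC 1918 on the LAN side. Every name here is hypothetical.
LAN = ip_network("192.168.1.0/24")


class NatRouter:
    """Toy port-restricted NAPT box with an optional WAN ingress filter."""

    def __init__(self, ingress_filter=False):
        self.ingress_filter = ingress_filter
        self.dynamic = {}   # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}  # wan_port -> (lan_ip, lan_port), any remote allowed
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; NAT allocates a WAN port mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.dynamic[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def port_forward(self, wan_port, lan_ip, lan_port):
        """Static mapping: the WAN port is reachable from any remote host."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, src_ip, src_port, wan_port):
        """Return (verdict, reason) for a packet arriving on the WAN side."""
        # Explicit rule: a LAN source address must never arrive from the WAN.
        if self.ingress_filter and ip_address(src_ip) in LAN:
            return ("drop", "filter rule: spoofed LAN source")
        if wan_port in self.forwards:
            return ("deliver", "static port forward")
        entry = self.dynamic.get(wan_port)
        if entry and entry[2:] == (src_ip, src_port):
            return ("deliver", "reply to outbound mapping")
        # No rule was consulted here: the packet simply has nowhere to go.
        return ("drop", "no translation entry")
```

The reason strings show which mechanism made each decision: only the ingress check is a policy rule, while the other drop is a side effect of address translation.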