Dynamic IP log retention = 0?
Joe Greco
jgreco at ns.sol.net
Wed Mar 11 22:46:54 UTC 2009
> On Wed, 11 Mar 2009, Joe Greco wrote:
> > In our neighbourhood, we don't have a high crime rate. Despite that,
> > if we saw someone walking from house to house, trying doorknobs, we'd
> > call the cops. The fact that everyone has locks on their doors does
> > not make it all right for someone to go around from house to house to
> > see if they're all locked.
>
> However, it's not illegal, AFAIK. It's only illegal if you enter. Either
> that, or I'm gonna go prosecute some Girl Scouts.

It may not be technically illegal, but I'd bet hard cash that our local
cops would find a way to put you in cuffs and haul you in. Girl Scouts
are probably going to be treated a bit different than random adults who
have no reasonable explanation to be trying the knobs. Girl Scouts could
possibly be excused as not knowing any better.

> More relatedly, is there some sort of obligation with IPv6 to move all of
> your NAT'ed hosts away from NAT?

No. There's also no obligation with a loaded shotgun to not point it at
your foot. You can do it, you can pull the trigger.

NAT has many drawbacks, especially including a whole bunch of shortcomings
where workarounds are required for various protocols due to our insistence
on inflicting the brokenness of NAT on the world. These are all well
documented.

http://www.circleid.com/posts/nat_just_say_no/

etc.

> Just because you can doesn't make it a
> good idea. I agree, NAT != security, but it does give one a single point
> to manage those hosts behind it.

So's a firewall. Nobody is suggesting that we throw out the baby with
the bathwater. But the bathwater's old and stinky, and is a severe
impediment to growth at this point.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the NANOG mailing list