the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?
Valdis.Kletnieks at vt.edu
Tue Apr 27 20:31:05 UTC 2010
On Tue, 27 Apr 2010 14:54:07 EDT, Jon Lewis said:

> I think you forget where most networking is done. Monitoring? You mean
> something beyond walking down the hall to the network closet and seeing
> all the blinking lights are flashing really fast?

That site will manage to chucklehead their config whether or not it's NAT'ed.

> How about the typical home DSL/Cable modem user?

And they won't manage to chucklehead their config, even if it's not NAT'ed.

> Do you think they even
> know what SNMP is? Do you think they have host based firewalls on all
> their PCs?

Hmm... Linux has a firewall. MacOS has a firewall. Windows XP SP2 or later
has a perfectly functional firewall out of the box, and earlier Windows had
a firewall but it didn't do 'default deny inbound' out of the box.

Those people with XBoxes and Playstations and so on can take it up with their
vendors - they were certainly *marketed* as "plug it in and network", and at
least my PS/2 and PS/3 didn't come with a "Warning: Do Not Use Without a NAT"
sticker on them.

So who doesn't have a host-based firewall in 2010? The idea is old enough
that it's *really* time to play name-and-blame.

> Do you want mom and dad's PCs exposed on the internet, or
> neatly hidden behind a NAT device they don't even realize is built into
> their cable/DSL router?

Be careful here - I know that at least in my neck of Comcast cable, you can go
to Best Buy, get a cablemodem, plug the cable in one side, plug an ethernet and
one machine in the other side, and be handed a live on-the-network DHCP address
that works just fine except for outbound port 25 being blocked. For the past
month or so, my laptop has gotten 71.63.92.124 every night when I get home,
which certainly doesn't look very NAT'ed.

Are you *really* trying to suggest that a PC is not fit-for-purpose
for that usage, and *requires* a NAT and other hand-holding?

And for the record - I don't worry about my mother's PC being exposed on the
Internet, because she's running Vista, which has a sane firewall by default.
What *does* worry me is that she's discovered Facebook, and anything she clicks
on there will not have the *slightest* bit of trouble whomping her machine
through a NAT.

Let's be realistic - what was the last time we had a *real* threat that a
NAT would have stopped but the XP SP2 firewall would not have stopped? And
how many current threats do we have that are totally NAT-agnostic?