mh (RE: OMB: IPv6 by June 2008)

David Andersen dga+ at cs.cmu.edu
Thu Jul 7 19:51:59 UTC 2005


On Jul 7, 2005, at 3:41 PM, Andre Oppermann wrote:

>
> Fergie (Paul Ferguson) wrote:
>>
>> I'd have to counter with "the assumption that NATs are going
>> away with v6 is a rather risky assumption." Or perhaps I
>> misunderstood your point...
>
> There is one thing often overlooked with regard to NAT.  That is,
> it has prevented many network based worms for millions of home
> users behind NAT devices.  Unfortunately this fact is overlooked
> all the time.  NAT has its downsides but also upsides sometimes.

Yes, but keep in mind that this benefit is completely unrelated to 
NAT's purpose as an address space extender.  A stateful firewall with a 
very simple rule (permit anything originated from the inside, deny 
anything from outside except a few pesky protocols) would accomplish 
exactly the same goal.

And it would be much easier to punch holes through when you needed to.

From my perspective, the biggest benefit from home NAT devices is that 
they were a vehicle for delivering such a firewall to millions of 
Windows boxes.  Unfortunately, this drug comes with a number of harmful 
side effects, including nausea, blurred vision, and the inability to 
deploy a number of new protocols.

   -Dave
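
The stateful-filter rule described in the message above, as an added example that is not part of the original post: a minimal flow tracker that permits inside-originated traffic, drops unsolicited inbound packets, and opens a pinhole with one entry, all without rewriting addresses. The class and function names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and TCP state and flow timeouts are deliberately left out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INSIDE = ip_network("2001:db8:1::/64")  # constructed "home LAN" prefix


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    # Pinholes: (proto, inside host, port) explicitly opened to the outside.
    pinholes: set = field(default_factory=set)
    # Flows: 5-tuples recorded when an inside host sends a packet out.
    flows: set = field(default_factory=set)

    def _inside(self, addr):
        return ip_address(addr) in INSIDE

    def filter(self, p):
        """Return 'accept' or 'drop'. Addresses are never rewritten."""
        if self._inside(p.src) and not self._inside(p.dst):
            # Outbound: permit, and remember the flow so replies match.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "accept"
        if self._inside(p.dst) and not self._inside(p.src):
            # Inbound: only replies to a tracked flow, or a pinhole.
            if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
                return "accept"
            if (p.proto, p.dst, p.dport) in self.pinholes:
                return "accept"
            return "drop"
        return "drop"  # traffic not crossing the boundary is out of scope


def demo():
    fw = StatefulFirewall()
    host, peer, other = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    results = [
        fw.filter(Packet("tcp", host, 40000, peer, 443)),   # outbound
        fw.filter(Packet("tcp", peer, 443, host, 40000)),   # reply to it
        fw.filter(Packet("tcp", other, 5555, host, 445)),   # unsolicited
    ]
    fw.pinholes.add(("tcp", host, 22))                      # punch a hole
    results.append(fw.filter(Packet("tcp", other, 5555, host, 22)))
    return results
```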
