mh (RE: OMB: IPv6 by June 2008)
David Andersen
dga+ at cs.cmu.edu
Thu Jul 7 19:51:59 UTC 2005
On Jul 7, 2005, at 3:41 PM, Andre Oppermann wrote:
>
> Fergie (Paul Ferguson) wrote:
> >
>> I'd have to counter with "the assumption that NATs are going
>> away with v6 is a rather risky assumption." Or perhaps I
>> misunderstood your point...
>
> There is one thing often overlooked with regard to NAT. That is,
> it has prevented many network based worms for millions of home
> users behind NAT devices. Unfortunatly this fact is overlooked
> all the time. NAT has its downsides but also upsides sometimes.
Yes, but keep in mind that this benefit is completely unrelated to
NAT's purpose as an address space extender. A stateful firewall with a
very simple rule (permit anything originated from the inside, deny
anything from outside except a few pesky protocols) would accomplish
exactly the same goal.
And it would be much easier to punch holes through when you needed to.
From my perspective, the biggest benefit from home NAT devices is that
they were a vehicle for delivering such a firewall to millions of
windows boxes. Unfortunately, this drug comes with a number of harmful
side effects, including nausea, blurred vision, and the inability to
deploy a number of new protocols.
-Dave
More information about the NANOG
mailing list