Dynamic IP log retention = 0?

Joe Greco jgreco at ns.sol.net
Wed Mar 11 17:46:54 CDT 2009


> On Wed, 11 Mar 2009, Joe Greco wrote:
> > In our neighbourhood, we don't have a high crime rate.  Despite that,
> > if we saw someone walking from house to house, trying doorknobs, we'd
> > call the cops.  The fact that everyone has locks on their doors does
> > not make it all right for someone to go around from house to house to
> > see if they're all locked.
> 
>   However, it's not illegal, AFAIK.  It's only illegal if you enter.  Either
>   that, or I'm gonna go prosecute some Girl Scouts.

It may not be technically illegal, but I'd bet hard cash that our local 
cops would find a way to put you in cuffs and haul you in.  Girl Scouts
are probably going to be treated a bit differently than random adults who
have no reasonable explanation to be trying the knobs.  Girl Scouts could
possibly be excused as not knowing any better.

>   More relatedly, is there some sort of obligation with IPv6 to move all of
>   your NAT'ed hosts away from NAT? 

No.  There's also no obligation with a loaded shotgun to not point it at
your foot.  You can do it, you can pull the trigger.

NAT has many drawbacks, especially including a whole bunch of shortcomings
where workarounds are required for various protocols due to our insistence
on inflicting the brokenness of NAT on the world.  These are all well
documented.

http://www.circleid.com/posts/nat_just_say_no/

etc.

>   Just because you can doesn't make it a
>   good idea.  I agree, NAT != security, but it does give one a single point
>   to manage those hosts behind it.

So's a firewall.  Nobody is suggesting that we throw out the baby with 
the bathwater.  But the bathwater's old and stinky, and is a severe
impediment to growth at this point.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.




More information about the NANOG mailing list