On Mon, Feb 14, 2011 at 10:45:39AM -0600, Justin Krejci wrote:
> Explain how NAT does this? NAT simply mangles the IP headers.
> A stateful firewall can protect you from port scans and other baddies
> without NAT.

If an attacker can't know your IP address, they can't connect to it.

> It is bad because it has broken protocols, applications, and end-to-end
> communications and caused much grief and likely loss of functionality in
> various applications because of it, unseen loss of functionality.

Facebook?  Google?  Flickr?  Netflix?

It is bad for *you* and *me*, but not for average Joe.  Average Joes
vastly outnumber us.  Unless we come up with a killer app that AJ
cares about and is broken by IPv4 NAT, then the ISPs will march
forward.  Eventually they will run out of money to buy routers
(because of the 64K ports per IP) but that's next year, not this.

> I maintain NAT is evil. And even "extending the life of IPv4" is
> debatable as a plus for the overall picture.

I do not maintain that NAT is beautiful for everybody all the time.
But 'evil' is a loaded term that should be reserved for special occasions.

Cheers,
florin

-- 
Bruce Schneier expects the Spanish Inquisition.
      http://geekz.co.uk/schneierfacts/fact/163