On 02/14/2011 11:17 AM, Florin Iucha wrote: > On Mon, Feb 14, 2011 at 10:45:39AM -0600, Justin Krejci wrote: >> Explain how NAT does this? NAT simply mangles the IP headers. >> A stateful firewall can protect you from port scans and other baddies >> without NAT. > > If an attacker can't know your IP address, they can't connect to it. > >> It is bad because it has broken protocols, applications, and end-to-end >> communications and caused much grief and likely loss of functionality in >> various applications because of it, unseen loss of functionality. > > Facebook? Google? Flickr? Netflix? > > It is bad for *you* and *me*, but not for average Joe. Average Joes > vastly outnumber us. Unless we come up with a killer app that AJ > cares about and is broken by IPv4 NAT, then the ISPs will march > forward. Eventually they will run out of money to buy routers > (because of the 64K ports per IPs) but that's next year, not this. > >> I maintain NAT is evil. And even "extending the life of IPv4" is >> debatable as a plus for the overall picture. > > I do not maintain that NAT is beautiful for everybody all the time. > But 'evil' is a loaded term that should be reserved for special occasions. > +1 to all. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110214/91f4f086/attachment.pgp>