On 02/14/2011 11:17 AM, Florin Iucha wrote:
> On Mon, Feb 14, 2011 at 10:45:39AM -0600, Justin Krejci wrote:
>> Explain how NAT does this? NAT simply mangles the IP headers.
>> A stateful firewall can protect you from port scans and other baddies
>> without NAT.
> 
> If an attacker can't know your IP address, they can't connect to it.
> 
>> It is bad because it has broken protocols, applications, and end-to-end
>> communications and caused much grief and likely loss of functionality in
>> various applications because of it, unseen loss of functionality.
> 
> Facebook?  Google?  Flickr?  Netflix?
> 
> It is bad for *you* and *me*, but not for average Joe.  Average Joes
> vastly outnumber us.  Unless we come up with a killer app that AJ
> cares about and is broken by IPv4 NAT, then the ISPs will march
> forward.  Eventually they will run out of money to buy routers
> (because of the 64K ports per IPs) but that's next year, not this.
> 
>> I maintain NAT is evil. And even "extending the life of IPv4" is
>> debatable as a plus for the overall picture.
> 
> I do not maintain that NAT is beautiful for everybody all the time.
> But 'evil' is a loaded term that should be reserved for special occasions.
> 
+1 to all.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110214/91f4f086/attachment.pgp>