> > NAT is a denial of service attack, not a means of policy enforcement. > > I don't think this is really accurate. > > The difference between denial of service and policy enforcement > is primarily a question of authorization. Since the people who > install NAT generally own the networks in question, characterizing > NAT as a DoS attack doesn't really seem right. people who run virus-laden programs are doing so because they want the advertised functionality of that program, not because they want to infect their systems or spread the virus. people who use Microsoft mail readers do so because they want to read mail, not because they want to expose their systems to attack. similarly, people who install NAT usually don't realize how much this costs them in lost functionality and reliability. perhaps DoS isn't quite the right term, but it's not far off.