Keith Moore <moore@cs.utk.edu> writes:
> > > NAT is a denial of service attack, not a means of policy enforcement.
> >
> > I don't think this is really accurate.
> >
> > The difference between denial of service and policy enforcement
> > is primarily a question of authorization. Since the people who
> > install NAT generally own the networks in question, characterizing
> > NAT as a DoS attack doesn't really seem right.
>
> people who run virus-laden programs are doing so because they want the
> advertised functionality of that program, not because they want to infect
> their systems or spread the virus. people who use Microsoft mail readers do
> so because they want to read mail, not because they want to expose their
> systems to attack.

Yes, I totally agree with that. What's your point?

> similarly, people who install NAT usually don't realize how much this
> costs them in lost functionality and reliability.

Really? You have evidence of this? I don't either, but my intuition
is that you're wrong. Once you have decided to have a firewall in
place (which you may think is evil, but I consider pretty much a
necessary evil), I suspect that most people suffer almost not at all
from having a NAT.

> perhaps DoS isn't quite the right term, but it's not far off.

I'm not sold.

-Ekr

--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/