*> *> > If you want to address denial of service issues you need protocol *> > enforcement points. *> *> NAT is a denial of service attack, not a means of policy enforcement. *> *> *> Keith, I think it would be more accurate to say that a NAT contravenes the basic Internet prnciple of universal connectivity. Since 1980 we have believed that universal connectivity was one of the great achievements of the Internet design. Today, one must unfortunately question whether universal connectivity can be sustained (or is even the right goal) in a networking environment without universal trust. Maybe NATs are, in fact, a result of a very deep problem with our architecture. If you accept that, then there is no point in attacking NATs until you can propose a better architectural solution to the trust problem (hopefully, there will be one!) Bob Braden