That is how we got here. Ignore it, hope it will go away.

What I am suggesting is that there is no reason NAT had to result in being on the interNOT rather than the internet. Further, folk are going to buy these and put them at the border of their home networks.

Trying to secure end point computers is futile. There will always be holes; the attackers only need to own one percent of the internet to be able to create havoc.

I note also that even though Linux boxes are not a large percentage of the net, they are prime targets for hackers. I suspect because they tend to be connected to unrestricted DSL lines more often than capability-limited cable modems.

If I don't run a local mail server, why should I let a machine have unrestricted net access if it does not need it? Why allow one of my machines to SYN flood?

Present a smaller prize to the hackers and you are less likely to have severe problems.

End-to-end-only security dogma is like saying buildings should be fireproof and sprinkler systems are evil and unnecessary.

-----Original Message-----
From: Putzolu, David
Sent: Wed Jun 18 13:59:43 2003
To: 'Keith Moore'; Hallam-Baker, Phillip
Cc: pbaker@verisign.com; Ronald.vanderPol@rvdp.org; aarsenau@bbn.com; ietf@ietf.org
Subject: RE: myth of the great transition (was US Defense Department formally adopts IPv6)

> NAT is a denial of service attack, not a means of policy enforcement.

I wonder if NAT is to IETF discussions as Nazis were to Usenet discussions. That is, will every heated IETF debate eventually lead to invoking the NAT bogeyman? And if that were to be true, would the corollary apply that the discussion is no longer fruitful?

Cheers,
David