On Jul 2, 2007, at 8:14 AM, Hallam-Baker, Phillip wrote:
My point here is that the principal objection being raised to NAT,
the limitation on network connectivity is precisely the reason why
it is beneficial.
There is no other device that can provide me with a lightweight
firewall for $50.
Teredo enabled NATs are likely how IPv6 address use becomes common
place. This creates interesting security problems as this bypasses
normal policies. Even so, many exploits are not prevented by NATs
and peripheral defenses. Exploits simply depend on the lines of code
found within browsers and their many hooks into OS services and
applications.
The problem has become so pervasive as to require extensive
retooling. For example, SMTP reputations must be made more
progressive in an attempt to accommodate a pervasive level of 0wned
systems. The battle rages where NATs are not a complete solution,
but instead represent a new challenge.
-Doug
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf