At 08:14 02-07-2007, Hallam-Baker, Phillip wrote:
> My point here is that the principal objection being raised to NAT,
> the limitation on network connectivity, is precisely the reason why
> it is beneficial.
>
> There is no other device that can provide me with a lightweight
> firewall for $50.

NAT is not a firewall although its side-effect is that it may be seen
as one. That $50 device makes everyone a RIR. Protocols are tweaked
to get around the problems associated with NAT. That may not be seen
as a problem if we remain in a web-centric world.

> It is not helpful to criticise a security measure that empirically
> offers a high degree of security for failing to address cases it is
> not designed to deal with. An HTTP server behind a NAT box is no
> HTTP server and thus no threat.

It offers a false sense of security. A person running an HTTP server
behind a NAT box usually does port redirection to that server. The
threat remains.

Regards,
-sm