Technically true, of course.
However, most SOHO sites look for a zero-order level of protection
against the random worm trying to connect to an open TCP port on the
average Windows machine (especially one set up for file/print sharing
on the SOHO network), and NAT does that just fine.
IPv6 marketing has to take this into account, with a deliberate "here
is why the IPv6 gateway provides the same default protection as NAT..."
On Nov 22, 2004, at 18:00, Fred Baker wrote:
would that it were true. In fact, it is pretty easy to breach. All one
has to do is ddos with the right port prefix, observe a response of
any kind, and you can ddos right through it.
An actual stateful firewall is a good thing. NAT mostly has the effect
of deluding the person behind it into thinking they have a security
Screen doors are a good thing. They should be confused neither with
storm doors nor effective insect inhibitions in the home...
Hans Kruse, Associate Professor
J. Warren McClure School of Communication Systems Management
Adjunct Associate Professor of Electrical Engineering and Computer
292 Lindley Hall, Ohio University, Athens, OH, 45701
740-593-4891 voice, 740-593-4889 fax
Ietf mailing list