Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
NAT is a denial of service attack, not a means of policy enforcement.
I don't think this is really accurate.
The difference between denial of service and policy enforcement
is primarily a question of authorization. Since the people who
install NAT generally own the networks in question, characterizing
NAT as a DoS attack doesn't really seem right.
people who run virus-laden programs are doing so because they want the
advertised functionality of that program, not because they want to infect
their systems or spread the virus. people who use Microsoft mail readers do
so because they want to read mail, not because they want to expose their
systems to attack.
Yes, I totally agree with that. What's your point?
similarly, people who install NAT usually don't realize how much this
costs them in lost functionality and reliability.
Really? You have evidence of this?
I don't either, but my intuition is that you're wrong. Once you have
decided to have a firewall in place (which you may think is evil, but
I consider pretty much a necessary evil), I suspect that most people
suffer almost not at all from having a NAT.
perhaps DoS isn't quite the right term, but it's not far off.
I'm not sold.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]
http://www.rtfm.com/