[112642] in North American Network Operators' Group
Re: Dynamic IP log retention = 0?
daemon@ATHENA.MIT.EDU (Joe Greco)
Wed Mar 11 18:47:14 2009
From: Joe Greco <jgreco@ns.sol.net>
To: beckman@angryox.com (Peter Beckman)
Date: Wed, 11 Mar 2009 16:46:54 -0600 (CST)
In-Reply-To: <alpine.BSF.2.00.0903111825080.53603@nog.angryox.com> from "Peter
Beckman" at Mar 11, 2009 06:27:44 PM
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On Wed, 11 Mar 2009, Joe Greco wrote:
> > In our neighbourhood, we don't have a high crime rate. Despite that,
> > if we saw someone walking from house to house, trying doorknobs, we'd
> > call the cops. The fact that everyone has locks on their doors does
> > not make it all right for someone to go around from house to house to
> > see if they're all locked.
>
> However, it's not illegal, AFAIK. It's only illegal if you enter. Either
> that, or I'm gonna go prosecute some Girl Scouts.
It may not be technically illegal, but I'd bet hard cash that our local
cops would find a way to put you in cuffs and haul you in. Girl Scouts
are probably going to be treated a bit differently than random adults who
have no reasonable explanation to be trying the knobs. Girl Scouts could
possibly be excused as not knowing any better.
> More relatedly, is there some sort of obligation with IPv6 to move all of
> your NAT'ed hosts away from NAT?
No. There's also no obligation with a loaded shotgun to not point it at
your foot. You can do it, you can pull the trigger.
NAT has many drawbacks, especially including a whole bunch of shortcomings
where workarounds are required for various protocols due to our insistence
on inflicting the brokenness of NAT on the world. These are all well
documented.
http://www.circleid.com/posts/nat_just_say_no/
etc.
> Just because you can doesn't make it a
> good idea. I agree, NAT != security, but it does give one a single point
> to manage those hosts behind it.
So's a firewall. Nobody is suggesting that we throw out the baby with
the bathwater. But the bathwater's old and stinky, and is a severe
impediment to growth at this point.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
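The reply above argues that a firewall, not NAT, is what gives an operator a single point of control over the hosts behind it. The following nftables ruleset is an added illustration of that point and is not part of the original thread or of any NANOG member's configuration: hosts keep globally routable IPv6 addresses (no address translation), while one forward chain on the edge router applies the same default-deny inbound policy that NAT is usually credited with. The interface names `wan0`/`lan0`, the documentation prefix `2001:db8:1::/64` and the sample host address are assumptions.

```nftables
# Added example, not from the original message. Assumptions: WAN interface
# "wan0", LAN interface "lan0", inside prefix 2001:db8:1::/64, one host
# 2001:db8:1::80 that should be reachable on HTTP/HTTPS from outside.
table inet edge {
    chain forward {
        # Default-deny for everything routed through this box, in both
        # directions; each accept below is an explicit exception.
        type filter hook forward priority 0; policy drop;

        # Drop packets that do not belong to any tracked connection.
        ct state invalid drop

        # Replies to connections initiated from either side are allowed;
        # this is the stateful behaviour people often attribute to NAT.
        ct state established,related accept

        # Inside hosts may open new connections to the outside.
        iifname "lan0" oifname "wan0" ip6 saddr 2001:db8:1::/64 accept

        # ICMPv6 carries path MTU discovery and error reporting; blanket
        # dropping it breaks IPv6, so it is permitted here.
        meta l4proto ipv6-icmp accept

        # The only unsolicited inbound traffic allowed: web service on one host.
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8:1::80 tcp dport { 80, 443 } accept
    }
}
```

Load it with `nft -f <file>` and inspect with `nft list ruleset`; adding or removing an inbound exception is a one-line change in this single chain, which is the management property the discussion refers to. Nothing in the ruleset rewrites addresses, so the protocol workarounds NAT requires (ALGs, hole punching, embedded-address fixups) are not needed.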