[82158] in North American Network Operators' Group
RE: mh (RE: OMB: IPv6 by June 2008)
daemon@ATHENA.MIT.EDU (Tony Hain)
Fri Jul 8 16:04:05 2005
From: "Tony Hain" <alh-ietf@tndh.net>
To: "'Andre Oppermann'" <nanog-list@nrg4u.com>,
"'Fergie (Paul Ferguson)'" <fergdawg@netzero.net>
Cc: <dcrocker@bbiw.net>, <nanog@merit.edu>
Date: Fri, 8 Jul 2005 04:52:59 +0900
In-Reply-To: <42CD8571.4060009@nrg4u.com>
Errors-To: owner-nanog@merit.edu
Mangling the header did not prevent the worms, lack of state did that. A
stateful filter that doesn't need to mangle the packet header is frequently
called a firewall (yes some firewalls still do, but that is by choice).
Tony
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> Andre Oppermann
> Sent: Friday, July 08, 2005 4:42 AM
> To: Fergie (Paul Ferguson)
> Cc: dcrocker@bbiw.net; nanog@merit.edu
> Subject: Re: mh (RE: OMB: IPv6 by June 2008)
>
>
> Fergie (Paul Ferguson) wrote:
> >
> > I'd have to counter with "the assumption that NATs are going
> > away with v6 is a rather risky assumption." Or perhaps I
> > misunderstood your point...
>
> There is one thing often overlooked with regard to NAT. That is,
> it has prevented many network based worms for millions of home
> users behind NAT devices. Unfortunatly this fact is overlooked
> all the time. NAT has its downsides but also upsides sometimes.
>
> --
> Andre
