North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Block all servers?
Adam Selene wrote: NAT boxes are quite unreliable, specially large ones. If you say "put 100000 small ones instead",NAT is more expensive to produce, so it should be an optional premium service, and that seems to be more and more the case.Not necessarily when you consider the cost (in bandwidth, that really sounds a support nightmare. And you can filter without having NAT. (a long time ago NAT was thought to be a security mechanism, that has fortunately mostly died out) That's not even to mention the cost imposed by compromised systems.For the price of a large NAT box, you can buy better security mitigation products which would allow you to get the wilful spammers, trojaned machines, etc. which are not saved by your magic box. Given that most edge hardware supports NAT, the additional cost My operational experience tells quite a different story. Getting IP space allocation is not without cost either. That�s nothing compared to the people complaining about their applications not working because you want to break their packets. Pete
|