Re: IPv6 NAT

North American Network Operators Group

Re: IPv6 NAT

From: Joe Abley
Date: Fri Oct 31 12:01:27 2003

On 31 Oct 2003, at 11:43, Patrick W. Gilmore wrote:

There is NO security benefit to NAT/PAT/NAPT.
Disagree.

None of the scanning / infecting viruses could get past a $50 NAT/PAT device which Joe User brings home and turns on without configuring.

It's not the NAT that those boxes are doing which protected Joe User (no relation). It's the firewall function of those boxes -- the function which stops certain traffic being permitted through the front door -- which stopped the viruses outside the front door infecting the windows box in the dining room.

The $50 NAT device performs the firewall function as well as the NAT function.

A $50 device which just provided the firewall function would protect Joe User just as well from viruses.

The NAT function is required because Joe User requires multiple addresses, but his ISP will only give him one. That's orthogonal to the firewall function.

Let's move on.

Joe

References:
- RE: IPv6 NAT Tony Hain
- Re: IPv6 NAT Stephen Sprunk
- Re: IPv6 NAT Owen DeLong
- Re: IPv6 NAT Patrick W. Gilmore

Prev by Date: RE: Yankee Group declares core routing obsolete (was Re: Anybodyusing GBICs?)
Next by Date: Re: IPv6 NAT
Date Index
Thread Index
Author Index
Historical