 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Mar 30, 2011 at 10:33 AM, Richard Pieri <Richard.Pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>wrote: > > Anyone who relies on NAT for security has almost no network security (see: > source IP spoofing). NAT is not, and never has been, about security. It > exists to address the limited address space in IPv4 but it is not formally > part of IPv4. NAT is, ultimately, a clever hack used to link non-routable > networks to routable networks. > > IPv6 removes this necessity. Thus, no NAT for IPv6. And hopefully there > never will be. IPv6 has link-local and site-local addressing, which > eliminates the need for segregating non-routable networks. This is built > into the specification. For everything else there is SPI. > Agreed, NAT is not a required ingredient for an effective firewall. Apples and oranges. It does, however, provide source obfuscation for individual machines on a LAN, and there is some value in that. For example, I suspect if it weren't for NAT, consumers would be paying their ISPs "per-node" connection fees. If things move in that direction in a mostly-IPv6 world, we could see a resurgence of NAT.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
