[no subject]

[Jim Shankland <nanog () shankland org>]

> No, the reason we have NAT is because it's a lot easier for novice
> network administrators to divvy up and route 10/8 than it is 208.x.x/20.

Only for novices :-)?  And what if the alternative is not a /20, but
a /24, or even a /28?

> There's also a general perception that NAT increases security; some
> "security" companies go so far as to say NAT removes the need for a
> firewall.

Agreed that NAT does not remove the need for a firewall; but it *does*
increase security.

I have a machine behind a NAT; its IP address is 192.168.27.111.
It has an open telnet port; the root password is "rutabaga".
(It's on a completely different network than the one I'm sending this
email from, so don't bother trying to deduce anything from the mail
headers or my domain name.)  I don't believe that I've just
compromised its security :-).

Jim Shankland