nanog mailing list archives

Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?


From: Owen DeLong <owen () delong com>
Date: Tue, 27 Apr 2010 15:24:47 -0700


On Apr 27, 2010, at 2:25 PM, Jon Lewis wrote:

> On Tue, 27 Apr 2010 Valdis.Kletnieks () vt edu wrote:
>
>> That site will manage to chucklehead their config whether or not it's NAT'ed.
>
> True...but when they do it and all their important stuff is in 192.168.0/24, you still can't reach it...and if they
> break NAT, at least their internet breaks.  i.e. they'll know it's broken.  When they change the default policy on the
> firewall to Accept/Allow all, everything will still work...until all their machines are infected with enough stuff to
> break them.

Nah... They'll chucklehead forward something to 135-139/TCP on the box with all the important stuff just fine.
NAT won't save them from this.

>> Hmm... Linux has a firewall.  MacOS has a firewall. Windows XP SP2 or later
>> has a perfectly functional firewall out of the box, and earlier Windows had
>> a firewall but it didn't do 'default deny inbound' out of the box.
>
> Linux can have a firewall.  Not all distros default to having any rules. XP can (if you want to call it that).  I
> don't have any experience with MacOS.  Both my kids run Win2k (to support old software that doesn't run well/at all
> post-2k).  I doubt that's all that unusual.

And the rest of the world should pay for your kid's legacy requirements why?

>> Are you *really* trying to suggest that a PC is not fit-for-purpose
>> for that usage, and *requires* a NAT and other hand-holding?
>
> Here's an exercise.  Wipe a PC.  Put it on that cable modem with no firewall.  Install XP on it.  See if you can get
> any service packs installed before the box is infected.

1.      Yes, I can.  I simply didn't put an IPv4 address on it. ;-)
2.      I wouldn't hold XP up as the gold standard of hosts here.

Owen
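The thread's underlying point is that a host with a "default deny inbound" firewall of its own does not depend on a NAT box for protection, and that a forwarded port at the NAT edge reaches the host whether or not NAT is in front of it. Below is an added example, not part of the thread or written by any of its participants, of what that posture looks like on a Linux host in nftables syntax. The table name `host_fw` and the choice to expose only SSH (22/TCP) are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: a minimal host firewall that denies inbound by default,
# the posture the thread says XP SP2+ and MacOS ship with and that not
# every Linux distribution enables. Assumed: one host, only SSH exposed.
flush ruleset

table inet host_fw {
    chain input {
        # Default policy: anything not explicitly accepted is dropped.
        type filter hook input priority 0; policy drop;

        # Loopback, plus replies to connections this host opened itself.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 is needed for path MTU discovery and IPv6 neighbor discovery.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # The one service deliberately exposed (assumed for this example).
        # Everything else, including the 135-139/TCP ports mentioned in the
        # thread, stays closed no matter what an upstream NAT box forwards here.
        tcp dport 22 accept

        # Log and count drops so a stray port-forward at the NAT edge shows up
        # in the host's logs instead of silently reaching a service.
        log prefix "host_fw drop: " counter drop
    }

    chain forward {
        # This host is not a router; refuse to forward for anyone.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound traffic from the host is allowed.
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f <file>` and inspect with `nft list ruleset`. The design choice worth noting against the thread: the `policy drop` on the input chain is what gives the host its protection, so a NAT router that forwards 135-139/TCP to this machine changes nothing on the host side, while the `log ... counter drop` line makes such a misconfiguration visible rather than relying on the NAT box to hide it.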


