Firewall Wizards mailing list archives

Re: ***SPAM*** Re: IPv6 support in firewalls


From: Dave Piscitello <dave () corecom com>
Date: Mon, 27 Aug 2007 13:24:54 -0400



Patrick M. Hausen wrote:

> First you should not rely on NAT as a security measure, anyway,
> because it isn't.

I advocate using every measure possible to provide security. IP masquerading helps thwart information gathering. I would never suggest using NAT as the only security measure. By IP masquerading, I avoid having a RIR identify the address blocks I use internally, as they would if I were to use public space. Explain why you feel this is wrong?


> Third, this is the _only_ way to get rid of the "net 10 considered
> harmful" nightmare

It's only a nightmare for people who do not exercise discipline in assigning addresses. I could just as easily err with public addresses and assign the same block of addresses to multiple sites. The fact that an RIR allocates you a block of IPv6 addresses does not guarantee you will not botch assignment within your networks.

Even Forrest Gump knows, "stupid is as stupid does".


> IMHO these are the combined reasons to start over and
> kill NAT forever.

Won't happen in my lifetime, nor my children's lifetime.
