nanog mailing list archives

Re: Block all servers?


From: "Adam Selene" <nospam () vguild com>
Date: Sat, 11 Oct 2003 09:25:44 -0600


Unfortunately there are enough protocols and applications
which don't work well behind a NAT that deploying this on
a large scale is not practical.

It already is deployed upon a large scale. When I had @Home
in Seattle (one of the first subscribers), I had a 10.x address.
Here in Costa Rica, broadband (cable modem) connections for
the entire country are behind NAT.

Also what about folks who need to VPN in to their office
(either via PPTP or IPSEC)?  How would you take care of that
situation?

I use IPSEC and it works fine behind NAT.

Unfortunately something like this would make the PC close to
useless which is not the intent of the software provider.  Thus
you see everything open, security be damned.

No. You default open the common and popular internet ports for
outbound, and 90% of users never use anything else.

As for plug-in "workgroup" networking (the main reason why
everything is open by default), when you create a Workgroup,
it should require a key for that workgroup and enable shared-key
IPSEC.

And joe user will understand this because.....

That's the point, he doesn't have to. A "workgroup" becomes a
name + a key/passphrase instead of just a name. What that
accomplishes is completely hidden.

    Adam
