Mangling the header did not prevent the worms, lack of state did that. A stateful filter that doesn't need to mangle the packet header is frequently called a firewall (yes some firewalls still do, but that is by choice). Tony
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Andre Oppermann Sent: Friday, July 08, 2005 4:42 AM To: Fergie (Paul Ferguson) Cc: dcrocker@bbiw.net; nanog@merit.edu Subject: Re: mh (RE: OMB: IPv6 by June 2008)
Fergie (Paul Ferguson) wrote:
I'd have to counter with "the assumption that NATs are going away with v6 is a rather risky assumption." Or perhaps I misunderstood your point...
There is one thing often overlooked with regard to NAT. That is, it has prevented many network based worms for millions of home users behind NAT devices. Unfortunatly this fact is overlooked all the time. NAT has its downsides but also upsides sometimes.
-- Andre