-- On Friday, October 31, 2003 08:03 -0800 -- Owen DeLong <owen@delong.com> supposedly wrote:
There is NO security benefit to NAT/PAT/NAPT.
Disagree. None of the scanning / infecting viruses could get past a $50 NAT/PAT device which Joe User brings home and turns on without configuring. Do not talk about "if they statically NAT...". Punching holes in stateful firewalls will cause just as much damage.
There is a security benefit to stateful inspection.
Agreed. And I doubt anyone on this list would say differently.
NAT is harmful to many protocols. Stateful inspection is not.
Possibly. But Joe User will never use those "many protocols". Plus the overwhelming majority of protocols are not harmed by NAT. I would bet a statistically insignificant number of packets on the Internet (many places to the right of the decimal) are part of those protocols. This does not mean we should NAT everything, since I use some of those protocols. But if every Joe User had a DLink NAT box in front of his Winbloze box, the Internet would be a safer place. And you know it. -- TTFN, patrick