On Sun, Mar 23, 2014 at 11:07 PM, Naslund, Steve <SNaslund@medline.com> wrote:
I am not sure I agree with the basic premise here. NAT or Private addressing does not equal security.
Hi Steve, It is your privilege to believe this and to practice it in the networks you operate. Many of the folks you would have deploy IPv6 do not agree. They take comfort in the mathematical impossibility of addressing an internal host from an outside packet that is not part of an ongoing session. These folks find that address-overloaded NAT provides a valuable additional layer of security. Some folks WANT to segregate their networks from the Internet via a general-protocol transparent proxy. They've had this capability with IPv4 for 20 years. IPv6 poorly addresses their requirement. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004