On Tue, 27 Apr 2010 14:54:07 EDT, Jon Lewis said:
> I think you forget where most networking is done. Monitoring? You mean something beyond walking down the hall to the network closet and seeing all the blinking lights are flashing really fast?
That site will manage to chucklehead their config whether or not it's NAT'ed.
> How about the typical home DSL/Cable modem user?
And they won't manage to chucklehead their config, even if it's not NAT'ed.
> Do you think they even know what SNMP is? Do you think they have host based firewalls on all their PCs?
Hmm... Linux has a firewall. MacOS has a firewall. Windows XP SP2 or later has a perfectly functional firewall out of the box, and earlier Windows had a firewall but it didn't do 'default deny inbound' out of the box. Those people with XBoxes and Playstations and so on can take it up with their vendors - they were certainly *marketed* as "plug it in and network", and at least my PS/2 and PS/3 didn't come with a "Warning: Do Not Use Without a NAT" sticker on them. So who doesn't have a host-based firewall in 2010? The idea is old enough that it's *really* time to play name-and-blame.
> Do you want mom and dad's PCs exposed on the internet, or neatly hidden behind a NAT device they don't even realize is built into their cable/DSL router?
Be careful here - I know that at least in my neck of Comcast cable, you can go to Best Buy, get a cablemodem, plug the cable in one side, plug an ethernet and one machine in the other side, and be handed a live on-the-network DHCP address that works just fine except for outbound port 25 being blocked. For the past month or so, my laptop has gotten 71.63.92.124 every night when I get home, which certainly doesn't look very NAT'ed. Are you *really* trying to suggest that a PC is not fit-for-purpose for that usage, and *requires* a NAT and other hand-holding?
And for the record - I don't worry about my mother's PC being exposed on the Internet, because she's running Vista, which has a sane firewall by default. What *does* worry me is that she's discovered Facebook, and anything she clicks on there will not have the *slightest* bit of trouble whomping her machine through a NAT.
Let's be realistic - what was the last time we had a *real* threat that a NAT would have stopped but the XP SP2 firewall would not have stopped? And how many current threats do we have that are totally NAT-agnostic?