How about this - The issue is really one of the commission of fraud and preventing it. So is NAT really an issue? I think not. I think it may be part of the legislation but that is because that the writers didn't have our input... So if you as an ISP have a good operating process model and you log and sort your log data. What is the difference between a log that shows a bunch of stuff moving to a DHCP lease that was assigned to "xxx-yyyy" at "zz:zz" time on "dd-mm-yyyy" day. And that this lease was issued to account "blah" - then you have the most evidence that is available over a TCP connection anyway. And its as good as the testimony of the logs regarding that there was only one address at the end of that pipe serviced. What I am saying is that any legislation preventing NAT is ludicrous and in fact counter productive. What it needs to be is legislation regarding how well ISP's have to audit what their customers do. That's it. Nothing more. Look - what is the difference between the log data shown in a scenario where I don't use NAT but instead use Microsoft's Internet Sharing Feature in the Win2000 Servers? the answer is simple. Poof NAT gateway. And so now it is illegal to use a facility already distributed in every copy of MS Server deployed in these states.... Look what this law-shtick is all about is the mandating that ISP's know what their customers are doing data wise, on their wires (the ISP's) and that's it. Todd Glassey -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Robert A. Hayden Sent: Sunday, March 30, 2003 7:34 AM To: nanog@merit.edu Subject: Re: State Super-DMCA Too True Can't NAT-like devices be just as viable as a security device as well? Is the ISP willing to take responsiblity for security breaches on my home network because they banned my firewall? From a political/public-perception standpoint, treat those ISPs that are complaining about NAT as being soft on security and encouraging hacking. In todays paranoid political climate, there might even be some milage here. I have Charter pipeline in Madison, WI, and they've been very open about people using NAT devices to the point that they are recommended in some cases as security devices as well as being sold by Charter's professional-services group as inexpensive firewalls. About six months ago I got a 1-page flier from Charter offering a 4-port Linksys and an on-site installation. Since a "NAT device" could include virtually any operating system and any PC with two or more ethernet ports, it might be better to push the "firewall" aspects of them rather than try to defend or justify the MANY-to-1 routing aspects of NAT.