On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that, if we saw someone walking from house to house, trying doorknobs, we'd call the cops. The fact that everyone has locks on their doors does not make it all right for someone to go around from house to house to see if they're all locked.
However, it's not illegal, AFAIK. It's only illegal if you enter. Either that, or I'm gonna go prosecute some Girl Scouts.
It may not be technically illegal, but I'd bet hard cash that our local cops would find a way to put you in cuffs and haul you in. Girl Scouts are probably going to be treated a bit different than random adults who have no reasonable explanation to be trying the knobs. Girl Scouts could possibly be excused as not knowing any better.
More relatedly, is there some sort of obligation with IPv6 to move all of your NAT'ed hosts away from NAT?
No. There's also no obligation with a loaded shotgun to not point it at your foot. You can do it, you can pull the trigger. NAT has many drawbacks, especially including a whole bunch of shortcomings where workarounds are required for various protocols due to our insistence on inflicting the brokenness of NAT on the world. These are all well documented. http://www.circleid.com/posts/nat_just_say_no/ etc.
Just because you can doesn't make it a good idea. I agree, NAT != security, but it does give one a single point to manage those hosts behind it.
So's a firewall. Nobody is suggesting that we throw out the baby with the bathwater. But the bathwater's old and stinky, and is a severe impediment to growth at this point. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.