* Bryan Fields: > Yes, but I was showing what a great DDOS attack method it would be > too ;)
The beauty of flow-based forwarding (with or without NAT) is that several types of denial-of-service attacks tend to hurt close to the packet sources, and not just close to the victim. As far as the whole system is concerned, this is a very, very good thing.