On Thu, 3 Feb 2011, Brian Johnson wrote:
3) To give all your outbound sessions a mutual appearance, so as to
confound those attempting to build a profile of your activity.
So this goes back to security through obscurity. OK.
There's an awful lot of inertia in the "NAPT/firewall keeps our hosts
safe from the internet" mentality. Sure, a stateful firewall can be
configured allow all outbound traffic and only connected/related inbound.
When someone breaks or shuts off that filter, traffic through the NAPT
firewall stops working. On the stateful firewall with public IPs on both
sides, everything works...including the traffic you didn't want.
People are going to want NAT66...and not providing it may slow down IPv6
adoption.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
