On 1/17/13 9:54 AM, "William Herrin" <b...@herrin.us> wrote:
>On Thu, Jan 17, 2013 at 5:06 AM, . <oscar.vi...@gmail.com> wrote:
>> The people on this list have an influence in how the Internet runs, hope
>> somebody smart can figure how we can avoid going there, because there
>> is frustrating and unfun.
>
>"Free network-based firewall to be installed next month. OPT OUT HERE
>if you don't want it."

I haven't heard anyone talking about carrier-grade firewalls. To make CGN work a little, you have to enable full-cone NAT, which means as long as you're connected to anything on IPv4, anyone can reach you (and for a timeout period after that). And most CGN wireline deployments will have some kind of bulk port assignment, so the same ports always go to the same users. NAT != security, and if you try to make it, you will lose more customers than I predicted.

>
>It's not a hard problem. There are yet plenty of IPv4 addresses to go
>around for all the people who actually care whether or not they're
>behind a NAT.

I doubt that very much, and look forward to your analysis supporting that statement.

Lee

>
>Regards,
>Bill Herrin
>
>
>--
>William D. Herrin ................ her...@dirtside.com b...@herrin.us
>3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>Falls Church, VA 22042-3004
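
A toy model of the full-cone filtering and bulk port assignment described in the reply above, added here as an illustration and not part of the original thread. The class name, block size, timeout, subscriber names and addresses are all assumptions constructed for the example.

```python
# Added illustration: toy CGN model; every name and value here is constructed.
from dataclasses import dataclass, field

BLOCK_SIZE = 1000   # assumed number of ports in each subscriber's bulk block
FIRST_PORT = 1024   # assumed first port handed out
TIMEOUT = 120       # assumed idle timeout of a mapping, in seconds

@dataclass
class CGN:
    full_cone: bool    # True: any remote host may use a live mapping
    subscribers: list  # list position fixes the subscriber's port block
    mappings: dict = field(default_factory=dict)  # ext_port -> [sub, int_port, last_out, peers]

    def block(self, sub):
        start = FIRST_PORT + self.subscribers.index(sub) * BLOCK_SIZE
        return range(start, start + BLOCK_SIZE)

    def owner(self, ext_port):
        """Reverse lookup: bulk assignment ties a port to one subscriber."""
        idx = (ext_port - FIRST_PORT) // BLOCK_SIZE
        return self.subscribers[idx] if 0 <= idx < len(self.subscribers) else None

    def outbound(self, sub, int_port, remote, now):
        for port, m in self.mappings.items():
            if m[0] == sub and m[1] == int_port:  # reuse the existing mapping
                m[2] = now
                m[3].add(remote)
                return port
        port = next(p for p in self.block(sub) if p not in self.mappings)
        self.mappings[port] = [sub, int_port, now, {remote}]
        return port

    def inbound(self, ext_port, remote, now):
        m = self.mappings.get(ext_port)
        if m is None or now - m[2] > TIMEOUT:
            return None                  # no live mapping: dropped
        if not self.full_cone and remote not in m[3]:
            return None                  # address-restricted: unknown sender dropped
        return (m[0], m[1])              # forwarded to the subscriber's host and port
```

In the full-cone case, a packet from a host the subscriber never contacted is forwarded for as long as the mapping is alive, which is the behaviour behind "NAT != security"; only the address-restricted variant drops it.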