[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ; -)
robert at timetraveller.org
Thu Jul 31 03:41:14 EST 2008
On Sat, 19 Jul 2008, Steve Baxter wrote:
Kris Price wrote:
>> NAT != security.
> Yes, but NAT is far better than everything in your house being globally
> addressable - by anybody !
Well I have rather expected the solution to that is a firewall. Just
because the addresses are globally routable doesn't mean you have to allow
anyone in. I'm actually surprised this is even being raised given that
firewalls are already readily available for home use.
NAT was a hack to get around a specific problem. The problem is going to
go away and NAT should go away with it.
As for IP fridges and the like, the ability to get dynamic firmware
updates has nothing to do with NAT existing on the network or not. That
could be done right now - the fridge is going to be initiating the
connection, not the manufacturer as they have no way of knowing where the
fridge is (network-wise) before it calls home. The fridge can easily open
a VPN connection home so the manufacturer can push updates over it. This
can occur with or without NAT in IPv4 or IPv6. I expect firmware updates
on IP connected appliances will be configurable. This is consistent with
"With sufficient thrust, pigs fly just fine..."
-- RFC 1925 "The Twelve Networking Truths"
More information about the AusNOG