Keith Moore <[EMAIL PROTECTED]> writes:
> > If you want to address denial of service issues you need protocol
> > enforcement points.
>
> NAT is a denial of service attack, not a means of policy enforcement.
I don't think this is really accurate.
The difference between denial of service and policy enforcement
is primarily a question of authorization. Since the people who
install NAT generally own the networks in question, characterizing
NAT as a DoS attack doesn't really seem right.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]
Web Log: http://www.rtfm.com/movabletype
