On Tue, 27 Apr 2010 14:54:07 EDT, Jon Lewis said:

> I think you forget where most networking is done. Monitoring? You mean
> something beyond walking down the hall to the network closet and seeing
> all the blinking lights are flashing really fast?

That site will manage to chucklehead their config whether or not it's NAT'ed.

> How about the typical home DSL/Cable modem user?

And they won't manage to chucklehead their config, even if it's not NAT'ed.

> Do you think they even
> know what SNMP is? Do you think they have host based firewalls on all
> their PCs?

Hmm... Linux has a firewall. MacOS has a firewall. Windows XP SP2 or later has a perfectly functional firewall out of the box, and earlier Windows had a firewall but it didn't do 'default deny inbound' out of the box.

Those people with XBoxes and Playstations and so on can take it up with their vendors - they were certainly *marketed* as "plug it in and network", and at least my PS/2 and PS/3 didn't come with a "Warning: Do Not Use Without a NAT" sticker on them.

So who doesn't have a host-based firewall in 2010? The idea is old enough that it's *really* time to play name-and-blame.

> Do you want mom and dad's PCs exposed on the internet, or
> neatly hidden behind a NAT device they don't even realize is built into
> their cable/DSL router?

Be careful here - I know that at least in my neck of Comcast cable, you can go to Best Buy, get a cablemodem, plug the cable in one side, plug an ethernet and one machine in the other side, and be handed a live on-the-network DHCP address that works just fine except for outbound port 25 being blocked. For the past month or so, my laptop has gotten 71.63.92.124 every night when I get home, which certainly doesn't look very NAT'ed. Are you *really* trying to suggest that a PC is not fit-for-purpose for that usage, and *requires* a NAT and other hand-holding?

And for the record - I don't worry about my mother's PC being exposed on the Internet, because she's running Vista, which has a sane firewall by default. What *does* worry me is that she's discovered Facebook, and anything she clicks on there will not have the *slightest* bit of trouble whomping her machine through a NAT.

Let's be realistic - what was the last time we had a *real* threat that a NAT would have stopped but the XP SP2 firewall would not have stopped? And how many current threats do we have that are totally NAT-agnostic?