> I still don't follow. NAT is not a security mechanism, and MAC addresses are > not privileged information.
True, but once you know the MAC you can find out the vendor quite easily, and then go about running exploits specific to that piece of hardware. > Adam - While that's certainly true, in my opinion, whether an IP is known or > unknown is irrelevant to that host's security. Again true, but i would change "whether an IP is known or unknown IS irrelevant" to "whether an IP is known or unknown SHOULD BE irrelevant" - the truth is, it's not though... For the most part we are talking mainstream people here... and while if a piece of hardware has been bullet tested (security wise) by a professional - a public address/mac shouldn't effect it, as the security measures are in place... to an untrained person with no or little security in place, every piece of information that is accessible is more fuel used to attach the host. You can fight either way, but the truth is , the more information you can keep secret - the better, this whole thread can be summed up with that... -Tim --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org