Re: ISPs can easily decrease net abuse

From: Melinda Shore (shore_at_panix.com)
Date: 12/07/03


Date: 7 Dec 2003 16:22:13 -0500

In article <MPG.1a3d622bc2697697989efc@news-server.columbus.rr.com>,
Leythos <void@nowhere.com> wrote:
>You seem to never address the reason for this thread - the fact that
>zillions of home computers are NOT PROTECTED BY ANYTHING and those
>computers cost ALL of us money and resources.

I think you're asking the right question, but that doesn't
mean you've come up witht he right answer. Indeed, you've
come up with a simply awful answer - one that not only
limits user choice and devalues the network, but also one
that limits operator control of his own network security
policy. That is to say, with a firewall you've got some
hope of control of providing policy-based access. With NAT
you don't - with the NAT there's no access, period, without
throwing bad crud into the network to get across the NAT
(which is, by definition, violating policy). Different
tools solve different problems, and using a NAT to solve
security problems is not unlike using a screwdriver to pound
nails.

>For what it's worth, I understand your point, [ ... ]

Clearly you don't.

-- 
     Melinda Shore - Software longa, hardware brevis - shore@panix.com
            Bad taste is better than no taste -- Arnold Bennett


Relevant Pages