-=> On 01-26-19 21:18, Victor Sudakov wrote to Tony Langdon <=-

 VS> It was not intended as a security mechanism initially, but over time,
 VS> it became one, and is required by many security guidelines. Ask some
 VS> computer security specialist you trust, if you don't believe me.

Well, having compared notes, I am wary of anyone who calls themselves a
"specialist" without personal knowledge and trust of the person. :)  I've
certainly heard a lot of dodgy stories about so-called "specialists" in
networking from a very trusted source over the years.

 VS> Of course it does more! No packet filter *hides* *src* *addresses* of
 VS> your internal hosts, and that is exactly what security people love NAT
 VS> for.

True, but IPv6 has mechanisms for source IP privacy without NAT.

 VS> Sorry you are mistaken. Very few attacks nowdays are based on injecting
 VS> malicious traffic into your network, those times are long gone.
 VS> Information gathering about your intranet could be much more important
 VS> than the ability to send traffic into it from outside.

That is a good point.

 TL> NAT still creates a lot of problems, ask anyone who'd wrestled with
 TL> port forwarding, to try and get services opened to the Internet.

 VS> That's a different story, I myself have wrestled enough with IPv4 NAT.
 VS> So I would be happy to advocate NAT-less IPv6 to anyone, but I need
 VS> arguments. Have not heard anything new so far.

Yeah so have I and it's a pain in the proverbial.


... Sir, the Romulans do not take prisoners!
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux