Context is important. We are talking about home computers here. IPSEC and multiple servers aren't very relavent to most home computer users. If someone has more than one computer on a home network, they probably already have a NAT box to share the network connection. The suggestion here is that for folks who are running only one computer should also get a NAT box if they are connecting to the Internet via a cablemodem or DSL connection. NAT boxes have this nice characteristic that they act as a firewall.
Richard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 10:18 PM To: Richard M. Smith Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls On Wed, 13 Aug 2003 20:04:47 EDT, "Richard M. Smith" <[EMAIL PROTECTED]> said: > Windows directory from being accessed from the Internet. My only > question is why aren't NAT routers built into all cable and DSL modems. Because NAT is *not* a be-all and end-all. NAT *does* break things. You can't easily do IPSec through a NAT (meaning you need to do some tap-dancing if you want to VPN from one). NAT breaks a lot of end-to-end stuff - for instance, if you have a NAT, it's *REALLY* hard to have 2 different machines running servers on the same port. http://www.ietf.org/rfc/rfc3027.txt?number=3027 for all the gory details _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
