Re: NAT is not a firewall
I've seen gamers doing their best to lower their pants in front of the world trying to bypass NAT and UPnP because they believe it will lower their ping or whatever.
NAT does protect a large number of unaware users because it acts like a deny all rule which cannot be disabled easily, with enough technical knowledge and still for a limited number of endpoints. A gamer may put its PS4 in the DMZ or as the default host, but other system will be inaccessible still.
On the other end IPv6 will need a proper firewall and will need to avoid users disabling it because their ping "is too slow" or they can't access their NAS from their phone, etc. etc. Expect lots of users following advice to "disable the firewall".
It's a trivial job for those who understand how the internet works. For all those thinking that's a magic box where cat videos appear from, it's not.
I'm fully for IPv6 being deployed, but we can't simply ignore how it will impact users and what new risks it brings.
For example, I don't believe the DoD is unware that anybody able to monitor just its IPs with IPv6 will be able to identify how many different systems are behind the firewall, and which IP changes and which one stays the same. In turn it gives an idea of how many people could be there, etc. etc.
And at least most systems should not now send out their MAC addresses.....
Biting the hand that feeds IT
