Dynamic IP log retention = 0?

> In our neighbourhood, we don't have a high crime rate. Despite that,
> if we saw someone walking from house to house, trying doorknobs, we'd
> call the cops. The fact that everyone has locks on their doors does
> not make it all right for someone to go around from house to house to
> see if they're all locked.

  However, it's not illegal, AFAIK. It's only illegal if you enter. Either
  that, or I'm gonna go prosecute some Girl Scouts.

It may not be technically illegal, but I'd bet hard cash that our local
cops would find a way to put you in cuffs and haul you in. Girl Scouts
are probably going to be treated a bit different than random adults who
have no reasonable explanation to be trying the knobs. Girl Scouts could
possibly be excused as not knowing any better.

  More relatedly, is there some sort of obligation with IPv6 to move all of
  your NAT'ed hosts away from NAT?

No. There's also no obligation with a loaded shotgun to not point it at
your foot. You can do it, you can pull the trigger.

NAT has many drawbacks, especially including a whole bunch of shortcomings
where workarounds are required for various protocols due to our insistence
on inflicting the brokenness of NAT on the world. These are all well



  Just because you can doesn't make it a
  good idea. I agree, NAT != security, but it does give one a single point
  to manage those hosts behind it.

So's a firewall. Nobody is suggesting that we throw out the baby with
the bathwater. But the bathwater's old and stinky, and is a severe
impediment to growth at this point.

... JG