mh (RE: OMB: IPv6 by June 2008)

Absolutely correct. Real firewalls pass inbound traffic because a
state table entry exists. NATs do the same thing, with nasty
side-effects. There is no added security from the header-mangling.

    --Steven M. Bellovin,

To which Len Bosak quipped a few years ago: "If you don't know its name, you can't curse it".


Sure you can. For a human entity, get a few hairs from its head or nail
clippings. For a network entity, get the bits of its externally visible
IP address.