The problem is that Joe User (or his kid) wants to run
some random P2P program without having to reconfigure
NAT port mappings, so they have all inbound connections
mapped to a static internal IP.
If Joe (L)User or his kid sets up his NAT that way...
well, quite honestly he gets what he deserves. Protecting
against active, deliberate stupidty is probably more than
my job description coveres.
I would be a little more tolerant, as they don't even know they're being
stupid. That being said, the only thing that will teach them is to get
nailed. It's like backups: only after one has lost a bunch of data and
spent long nights rebuilding it does one pay religious attention to make
sure that the backup is running every night. No matter what we say about
it before they actually lose the data and are unable to restore because
the last time someone put a tape in the drive was a month ago.
So, Joe (l)user or his kid will continue to configure DMZ hosts in their
Linksys, they will get hit and pay $500 to have their PC reloaded or buy
a new one, and they won't do it again. I'm not saying I like it, but
it's just the way it is.