> NAT/PAT as a standard is very limited in its ability to protect against incoming messages.
Of course, since it’s not its function. Firewalls exist for a reason.
> The problem is that there isn’t a distinction between “internal networks” and “public servers” or between “public servers” and home machines. They’re not merely a bad metaphor, but an actively misleading one.
I disagree. “Home machine” is a silly name which doesn’t mean much, but the distinction between internal networks and public servers is rather obvious to me.
> The internet /requires/ all devices be addressable.
No, I don’t think it does. The IP protocol requires an IP address, but that’s not the same thing as requiring devices be addressable. Network bridges and intrusion-detection boxes, for example, are devices that are commonly set up as non-addressable.
> If your home machine can access any website, it does so by making itself distinguishable from others on the same internal network and leaving itself exposed to return messages.
Let’s leave home machines out of it and talk about boxes on an internal LAN. The mapping between IP addresses and machines can be established by middleware and doesn’t have to be long-term or permanent. In some cases (e.g. VMs, high-availability environments) the endpoint of a connection can change without the public server being aware of anything at all.
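The point the reply concedes at the top, that NAT/PAT translation is not the same thing as filtering and that a firewall is what actually decides which inbound packets are admitted, can be made concrete with a small simulation. The following is an added example written for this discussion, not code from the thread or from any NAT product; the classes, the `scenario` function and the addresses (taken from the RFC 5737 documentation ranges) are all constructed. It models a port-translating NAT under the two filtering behaviours RFC 4787 distinguishes, and a stateful firewall that only admits packets reversing a flow it has already seen leave.

```python
"""Toy model: NAT/PAT translation versus stateful firewall filtering.

Added, constructed illustration (not code from the thread). One internal
host opens a connection outward; we then check what happens to (a) the
genuine reply, (b) an unrelated host sending to the same public port, and
(c) an unrelated host sending to a public port with no mapping at all.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-translating NAT with a selectable inbound filtering rule.

    'endpoint-independent': once a mapping exists for a public port, any
        external host may send to it (the "full cone" behaviour).
    'address-and-port-dependent': only the exact external endpoint the
        internal host already talked to may send back through the mapping.
    Both rules drop packets to public ports that have no mapping.
    """

    def __init__(self, public_ip, filtering):
        self.public_ip = public_ip
        self.filtering = filtering
        self.next_port = 40000          # next free public port to hand out
        self.mappings = {}              # (int_ip, int_port) -> public port
        self.reverse = {}               # public port -> (int_ip, int_port)
        self.peers = set()              # (public port, peer_ip, peer_port)

    def outbound(self, pkt):
        """Translate an internal packet; create a mapping if needed."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        ext_port = self.mappings[key]
        self.peers.add((ext_port, pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered inside, or None if dropped."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.reverse:
            return None                 # no mapping: nothing to translate to
        if (self.filtering == "address-and-port-dependent"
                and (pkt.dst_port, pkt.src_ip, pkt.src_port) not in self.peers):
            return None                 # mapped, but not the peer we spoke to
        int_ip, int_port = self.reverse[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


class StatefulFirewall:
    """Admits an inbound packet only if it reverses an outbound flow seen."""

    def __init__(self):
        self.flows = set()              # (src_ip, src_port, dst_ip, dst_port)

    def outbound(self, pkt):
        self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return pkt

    def inbound(self, pkt):
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return pkt
        return None


def scenario(device):
    """Run the three inbound cases through `device`; report what got in."""
    inside = Packet("10.0.0.5", 51000, "203.0.113.10", 443)   # constructed
    out = device.outbound(inside)                              # host -> web server
    reply = Packet("203.0.113.10", 443, out.src_ip, out.src_port)
    stranger = Packet("198.51.100.7", 5555, out.src_ip, out.src_port)
    unmapped = Packet("198.51.100.7", 5555, out.src_ip, 22)
    return {
        "reply_delivered": device.inbound(reply) is not None,
        "unsolicited_delivered": device.inbound(stranger) is not None,
        "unmapped_port_delivered": device.inbound(unmapped) is not None,
    }


if __name__ == "__main__":
    for name, dev in [
        ("NAT, endpoint-independent", Nat("192.0.2.1", "endpoint-independent")),
        ("NAT, address+port-dependent", Nat("192.0.2.1", "address-and-port-dependent")),
        ("stateful firewall", StatefulFirewall()),
    ]:
        print(f"{name:30} {scenario(dev)}")
```

The output shows the asymmetry the reply is pointing at: every configuration drops packets to unmapped ports, but whether a mapped port is reachable by hosts the internal machine never spoke to depends entirely on the filtering rule, which is firewall behaviour layered on top of translation rather than a property of NAT itself. In a real deployment the check is the same: inspect the filtering policy of the edge device, not the presence of address translation.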