[125678] in North American Network Operators' Group
Re: Rate of growth on IPv6 not fast enough?
daemon@ATHENA.MIT.EDU (Karl Auer)
Wed Apr 21 01:51:36 2010
From: Karl Auer <kauer@biplane.com.au>
To: nanog@nanog.org
In-Reply-To: <FB17BC57-FAB3-45E1-886A-664A0FD42C9E@delong.com>
Date: Wed, 21 Apr 2010 15:49:51 +1000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 2010-04-20 at 21:27 -0700, Owen DeLong wrote:
> I believe we are talking about the case where some engineer
> fat-fingers a change and Roger's claim is that a stateful inspection
> without NAT box will permit unintended traffic while a NAT box will
> not.
Possibly restating Mark's point, but if fat fingers are allowed as a
source of failure, impact is unlimited.
> IOW, All of NAT's security comes from the fact that it requires a
> state table, like stateful inspection.
>
Er - I think it's a deeper point I was making. To the extent that NAT
offers security at all, that security comes as an *unintentional side
effect* of the job it is actually designed to do. That is, the NAT
device *does not care* about its "security" function.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF