[146560] in North American Network Operators' Group
Re: Arguing against using public IP space
daemon@ATHENA.MIT.EDU (Karl Auer)
Tue Nov 15 21:08:13 2011
From: Karl Auer <kauer@biplane.com.au>
To: nanog@nanog.org
In-Reply-To: <20111116012029.66D99173B09C@drugs.dv.isc.org>
Date: Wed, 16 Nov 2011 13:07:56 +1100
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--=-bmMmvlV5v8BcFRFG0Hdf
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
> You are making assumptions about how the NAT is designed.
> [...]
> Unless you know the internals of a NAT you cannot say whether it
> fails open or closed.
Indeed not!
=46rom 2010, during an identical discussion:
http://seclists.org/nanog/2010/Apr/1166
To me, "fail" means that a system stops doing what it was designed to
do. The results are by definition undefined. Others seem to think that
"fail" means a kind of default.
> it is actually feasible to probe through a NAT using LSR.
What's LSR in this context? Loose source routing, I'm guessing.
Regards, K.
--=20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
--=-bmMmvlV5v8BcFRFG0Hdf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAk7DGvYACgkQMAcU7Vc29oe+hwCfb/7+WwnKt4QatptuadN8vr7z
hPEAoI5LiMuONYMosU5W+7QBYEMerbFg
=UX/b
-----END PGP SIGNATURE-----
--=-bmMmvlV5v8BcFRFG0Hdf--
