[171480] in North American Network Operators' Group
Re: We hit half-million: The Cidr Report
daemon@ATHENA.MIT.EDU (Mark Foster)
Thu May 1 20:06:45 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <3F9B9ED2-C78D-4073-9DC1-F494CE1B92B6@cisco.com>
Date: Fri, 2 May 2014 12:06:36 +1200
From: "Mark Foster" <blakjak@blakjak.net>
To: "Fred Baker (fred)" <fred@cisco.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, May 2, 2014 11:57 am, Fred Baker (fred) wrote:
>
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei
> <jfmezei_nanog@vaxination.ca> wrote:
>
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, what happens when someone from the outside tries
>> to connect to port 80 of the shared routable IP?
>
> More to the point, your trust boundary includes 5000 people. Do you know
> them all? Who maintains their systems and software? Do you trust them?
>
> What happens if they approach you from behind the NAT?
>
Strikes me as a red herring; CGNat is not shifting your security boundary,
whereas the typical NAT device used on a shared IPv4 connection usually
does.