[82203] in North American Network Operators' Group
Re: mh (RE: OMB: IPv6 by June 2008)
daemon@ATHENA.MIT.EDU (Sean Doran)
Fri Jul 8 17:24:59 2005
In-Reply-To: <20050707201028.E75D43BFD71@berkshire.machshav.com>
Cc: Sean Doran <smd@cesium.clock.org>, nanog@merit.edu
From: Sean Doran <smd@cesium.clock.org>
Date: Fri, 8 Jul 2005 22:24:22 +0100
To: Steven M.Bellovin <smb@cs.columbia.edu>
Errors-To: owner-nanog@merit.edu
On 7 Jul, 2005, at 21:10, Steven M. Bellovin wrote:
> Real firewalls pass inbound traffic because a
> state table entry exists. NATs do the same thing, with nasty
> side-effects. There is no added security from the header-mangling.
>
To which Len Bosak quipped a few years ago: "If you don't know its
name, you can't curse it".
Sean.
