[82209] in North American Network Operators' Group
Re: mh (RE: OMB: IPv6 by June 2008)
daemon@ATHENA.MIT.EDU (Joseph S D Yao)
Fri Jul 8 18:25:29 2005
Date: Fri, 8 Jul 2005 18:20:04 -0400
From: Joseph S D Yao <jsdy@center.osis.gov>
To: Sean Doran <smd@cesium.clock.org>
Cc: "Steven M.Bellovin" <smb@cs.columbia.edu>, nanog@merit.edu
Mail-Followup-To: Sean Doran <smd@cesium.clock.org>,
"Steven M.Bellovin" <smb@cs.columbia.edu>, nanog@merit.edu
In-Reply-To: <E94E7EE7-807D-4EE6-8346-C28184FBAE43@cesium.clock.org>
Errors-To: owner-nanog@merit.edu
On Fri, Jul 08, 2005 at 10:24:22PM +0100, Sean Doran wrote:
> On 7 Jul, 2005, at 21:10, Steven M. Bellovin wrote:
> >Real firewalls pass inbound traffic because a
> >state table entry exists. NATs do the same thing, with nasty
> >side-effects. There is no added security from the header-mangling.
>
> To which Len Bosak quipped a few years ago: "If you don't know its
> name, you can't curse it".
Sure you can. For a human entity, get a few hairs from its head or nail
clippings. For a network entity, get the bits of its externally visible
IP address.
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
