[97245] in North American Network Operators' Group
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
daemon@ATHENA.MIT.EDU (Donald Stahl)
Mon Jun 4 21:19:06 2007
Date: Mon, 4 Jun 2007 20:56:40 -0400 (EDT)
From: Donald Stahl <don@calis.blacksun.org>
To: Matthew Palmer <mpalmer@hezmatt.org>
Cc: NANOG list <nanog@nanog.org>
In-Reply-To: <20070604235719.GC30667@hezmatt.org>
Errors-To: owner-nanog@merit.edu
> Surely that second quote should be "crap, now macrumors can tell that one
> person in our office follows them obsessively"? Unless there's
> publically-available information that indicates that IP address is your
> CEO's (which is a whole other topic -- publically available rDNS for
> company-internal IPv6 ranges).
In addition, IPv6 supports temporary addresses that can change every day.
If your browser binds to a temporary address, and it changes daily, then
the anonymizing feature of NAT becomes a whole lot less useful.
>> NAT is still evil though, the problems it causes operationally are
>> just plain not worth it.
> Amen to that.
I think evil sums up NAT nicely :)
-Don
