Rate of growth on IPv6 not fast enough?

Karl Auer kauer at biplane.com.au
Wed Apr 21 00:49:51 CDT 2010


On Tue, 2010-04-20 at 21:27 -0700, Owen DeLong wrote:
> I believe we are talking about the case where some engineer
> fat-fingers a change and Roger's claim is that a stateful inspection
> without NAT box will permit unintended traffic while a NAT box will
> not.

Possibly restating Mark's point, but if fat fingers are allowed as a
source of failure, impact is unlimited.

> IOW, All of NAT's security comes from the fact that it requires a
> state table, like stateful inspection.
> 
Er - I think it's a deeper point I was making. To the extent that NAT
offers security at all, that security comes as an *unintentional side
effect* of the job it is actually designed to do. That is, the NAT
device *does not care* about its "security" function.

Regards, K.

> 
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100421/ffb8e3d1/attachment.bin>


More information about the NANOG mailing list