Rate of growth on IPv6 not fast enough?
kauer at biplane.com.au
Wed Apr 21 00:49:51 CDT 2010
On Tue, 2010-04-20 at 21:27 -0700, Owen DeLong wrote:
> I believe we are talking about the case where some engineer
> fat-fingers a change and Roger's claim is that a stateful inspection
> without NAT box will permit unintended traffic while a NAT box will
Possibly restating Mark's point, but if fat fingers are allowed as a
source of failure, impact is unlimited.
> IOW, All of NAT's security comes from the fact that it requires a
> state table, like stateful inspection.
Er - I think it's a deeper point I was making. To the extent that NAT
offers security at all, that security comes as an *unintentional side
effect* of the job it is actually designed to do. That is, the NAT
device *does not care* about its "security" function.
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the NANOG