Arguing against using public IP space
Karl Auer
kauer at biplane.com.au
Wed Nov 16 02:07:56 UTC 2011
On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
> You are making assumptions about how the NAT is designed.
> [...]
> Unless you know the internals of a NAT you cannot say whether it
> fails open or closed.
Indeed not!
From 2010, during an identical discussion:
http://seclists.org/nanog/2010/Apr/1166
To me, "fail" means that a system stops doing what it was designed to
do. The results are by definition undefined. Others seem to think that
"fail" means a kind of default.
> it is actually feasible to probe through a NAT using LSR.
What's LSR in this context? Loose source routing, I'm guessing.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20111116/b40568c4/attachment.sig>
More information about the NANOG
mailing list