Arguing against using public IP space

Karl Auer kauer at biplane.com.au
Tue Nov 15 20:07:56 CST 2011


On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
> You are making assumptions about how the NAT is designed.
> [...]
> Unless you know the internals of a NAT you cannot say whether it
> fails open or closed.

Indeed not!

From 2010, during an identical discussion:

   http://seclists.org/nanog/2010/Apr/1166

To me, "fail" means that a system stops doing what it was designed to
do. The results are by definition undefined. Others seem to think that
"fail" means a kind of default.

> it is actually feasible to probe through a NAT using LSR.

What's LSR in this context? Loose source routing, I'm guessing.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156