Netflix banning HE tunnels

• Previous message (by thread): Netflix banning HE tunnels
• Next message (by thread): Netflix banning HE tunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 12 Jun 2016 19:47:18 -0400, Owen DeLong <owen at delong.com> wrote:
>> NAT may not be security, yet it's the only thing securing billions of  
>> people.
>
> Nope… NAT Can’t be done without stateful inspection.

Negative.
- 1:1 NAT (inside address A == outside address B) requires no state of any  
kind.
- Connection Tracking is not stateful inspection
- NAT Helpers / ALG / etc. (things that look for embedded addresses)  
aren't "stateful inspection"

The only "security" one gets from NAT comes from the lack of outside  
visibility through the NAT. An outside host cannot initiate a connection  
to any specific inside host of their choosing.

I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6  
traffic. IPv4 goes through NAT, so one gets the pseudo-security of not  
being directly touchable from the internet.

• Previous message (by thread): Netflix banning HE tunnels
• Next message (by thread): Netflix banning HE tunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]