end2end? (was: RE: Where NAT disenfranchises the end-user ...)
Leo Bicknell
bicknell at ufp.org
Fri Sep 7 21:00:24 UTC 2001
On Fri, Sep 07, 2001 at 11:57:24AM -0700, Mike Batchelor wrote:
> Well of course, that was my point. Where do you draw the line? The packet
> as received is not identical to the packet as it was sent, even when NAT is
> not involved. Along the way, various things get modified, the packet is
> encapulated, unwrapped, re-encapsulated, TTLs get decremented, ... all
It violates a layering principal. An application never 'creates'
a packet (particularly when thinking about TCP). Thus the application
doesn't pick the initial TTL, for instance. So there's no reason
the application should expect it to be a particular value at the
end.
An application very much creates it's own data stream, and expects
a reliable transport scheme to pass it _unaltered_. Note, NAT can
cause issues here. If I run a telnet server on port 53, telnet to
it through a NAT gateway, and send data that looks like an AXFR,
it will probably change it, thinking it's operating on DNS. That's
pretty dangerous.
It also crosses an interesting legal line. If your an ISP customer
and it's ok for the ISP to read your data stream and alter it in
real time to provide NAT, why wouldn't it be legal for them to read
your e-mail in real time as it passes, and alter what you said?
The same boxes could do it. What makes it ok to alter an IP address
here and there, but not alter a word? Why are they different?
--
Leo Bicknell - bicknell at ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
More information about the NANOG
mailing list