end2end? (was: RE: Where NAT disenfranchises the end-user ... )

Hire, Ejay Ejay.Hire at Broadslate.net
Mon Sep 10 17:42:36 UTC 2001


Em... I hate to be the bearer of bad news here, but I expect the
Provider-in-the-middle isn't using NAT. They are probably using RFC 1918 IP
space for transit links.  This does not necessarily imply that they are
using NAT.

Using RFC 1918 space inside a network on transit segments that will be
passing data but not generating it makes sense.  No one really needs to be
able to Ping/SNMP-Query/HTTP attack my routers' serial links.  Using RFC 1918
space on these links precludes that possibility because my interfaces are
not addressable on the public Internet.

Comments:



-----Original Message-----
From: bmanning at vacation.karoshi.com
[mailto:bmanning at vacation.karoshi.com]
Sent: Friday, September 07, 2001 8:56 PM
To: andy at xecu.net
Cc: bicknell at ufp.org; nanog at merit.edu
Subject: Re: end2end? (was: RE: Where NAT disenfranchises the end-user
...)



> Can you show damages in the situation of email? Yes. With packets? No. And
> before you come back at me with some crazy convoluted contrived scenario,
> let's just realize how far off the beaten path we are at this point. If
> your ISP is going to force you to use NAT, "against your will", get a new
> fricking provider. For that matter, what ISP NATs you against your will?

	Not quite so friend Andy.  Someone in UAE claims that I sent
	porn to them.  And investigation shows that not only is there
	a NAT one hop away from the purported victim, there is -another-
	NAT in the path, injected by some intermediate ISP as well as
	the one injected by my provider.  Now I can change my provider
	to one w/o NAT.  I can even get the PV to change
	their provider (well maybe, given they are in UAE) But how 
	can we avoid the intermediate ISP that is in the transit path?

	And can I persuade the judge that since NATs are known to
	muck about w/ addresses & such that I can construct a case
	that what was received did not come from me. So the porn
	came from one of the NAT operators.


> 
> Andy Dills                              301-682-9972
> Dialup * Webhosting * E-Commerce * High-Speed Access
> 


