Security gain from NAT (was: Re: Cool IPv6 Stuff)
Donald Stahl
don at calis.blacksun.org
Tue Jun 5 00:56:40 UTC 2007
> Surely that second quote should be "crap, now macrumors can tell that one
> person in our office follows them obsessively"? Unless there's
> publically-available information that indicates that IP address is your
> CEO's (which is a whole other topic -- publically available rDNS for
> company-internal IPv6 ranges).
In addition, IPv6 supports temporary addresses that can change every day.
If your browser binds to a temporary address, and it changes daily, then
the anonymizing feature of NAT becomes a whole lot less useful.
>> NAT is still evil though, the problems it causes operationally are
>> just plain not worth it.
> Amen to that.
I think evil sums up NAT nicely :)
-Don
More information about the NANOG
mailing list