Security gain from NAT
Daniel Senie
dts at senie.com
Tue Jun 5 02:06:25 UTC 2007
At 09:07 PM 6/4/2007, Jason Lewis wrote:
>I figured SMB would chime in...but his research says it's not so anonymous.
>
>http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf
Give or take NAT boxes / firewalls that specifically have features to
mess with the IP ID. The SonicWALL products have, for example, a
checkbox that says: "Randomize IP ID".
Some vendors apparently have taken measures to ensure methods such as
monitoring IP ID are less effective. The paper notes this, and the
issues with doing this.
So the "not so anonymous" statement above is really "not so
anonymous, give or take the implementation of the firewall/NAT".
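
The effect of a "Randomize IP ID" setting on host counting, as an added example that is not part of the original message or the linked paper. It uses a simplified greedy grouping of IP IDs into increasing runs, not the paper's exact algorithm; `GAP`, `MIN_LEN`, and the sample traffic are assumptions constructed for illustration.

```python
import random

GAP = 64       # assumed: max forward jump still treated as the same counter
MIN_LEN = 10   # assumed: minimum packets before a run is counted as a host

def count_sequences(ip_ids):
    """Greedily group observed IP IDs into increasing runs.

    Returns (likely_hosts, total_runs).
    """
    runs = []  # each entry: [last_id, length]
    for ip_id in ip_ids:
        best = None
        for run in runs:
            step = (ip_id - run[0]) & 0xFFFF   # IP ID is 16 bits and wraps
            if 1 <= step <= GAP and (best is None or step < best[0]):
                best = (step, run)
        if best:
            best[1][0] = ip_id                 # extend the closest run
            best[1][1] += 1
        else:
            runs.append([ip_id, 1])            # no plausible counter: new run
    return sum(1 for r in runs if r[1] >= MIN_LEN), len(runs)

def sample_traffic(randomize, seed=7, hosts=(1000, 20000, 65500), per_host=40):
    """Constructed sample: IP IDs seen outside a NAT, three hosts interleaved."""
    rng = random.Random(seed)
    counters = list(hosts)
    order = [h for h in range(len(hosts)) for _ in range(per_host)]
    rng.shuffle(order)
    seen = []
    for h in order:
        counters[h] += rng.randint(1, 3)       # some packets go elsewhere
        # With randomization on, the NAT replaces the host's counter value.
        seen.append(rng.randrange(65536) if randomize else counters[h] & 0xFFFF)
    return seen

if __name__ == "__main__":
    print("sequential IDs:", count_sequences(sample_traffic(False)))
    print("randomized IDs:", count_sequences(sample_traffic(True)))
```

With per-host counters passed through unchanged, the runs line up with the three hosts; with randomized IDs the same traffic fragments into many short runs and no host count can be read off.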