Security gain from NAT

• Previous message (by thread): Security gain from NAT
• Next message (by thread): Security gain from NAT
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 09:07 PM 6/4/2007, Jason Lewis wrote:


>I figured SMB would chime in...but his research says it's not so anonymous.
>
>http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf

Give or take NAT boxes / firewalls that specifically have features to 
mess with the IP ID. The SonicWALL products have, for example, a 
checkbox that says: "Randomize IP ID".

Some vendors apparently have taken measures to ensure methods such as 
monitoring IP ID are less effective. The paper notes this, and the 
issues with doing this.

So the "not so anonymous" statement above is really "not so 
anonymous, give or take the implementation of the firewall/NAT".

• Previous message (by thread): Security gain from NAT
• Next message (by thread): Security gain from NAT
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]