
Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...)
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 7 Sep 2001 17:21:15 -0400


On Fri, Sep 07, 2001 at 05:09:43PM -0400, Andy Dills wrote:
> One is content, the other a content-delivery mechanism. Think about the
> post office. It's perfectly acceptable for them to stamp a forwarded
> address on the envelope to ensure its delivery, but perfectly
> unacceptable to modify the content inside.

But NAT goes further.  Consider if the post office opened up your
letter, looked at the return address on it, saw that was wrong and
stuck the new one on it, put it back in the envelope and then sent
it on its way.  That's exactly what NAT does with some protocols.

I have no problem with people using NAT, and I have used it myself.
Specifically, I don't mind the {IP,port} translation basic NAT does.
Yes, it breaks some protocols, but as long as that's known it's ok.
I have a big problem with the data modification of more recent NAT
implementations.

It does have some interesting implications as to who can modify data
as well.  If a device in the middle has license to modify data in
the middle of a data stream, what are the limits of that license?
If my service provider uses NAT without my consent can I sue them
for reading/changing my data?  If not, why would I be able to sue
them if they do the same thing to e-mail?  What is the difference?

-- 
Leo Bicknell - bicknell () ufp org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
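The distinction Leo draws above, header-only {IP,port} translation versus a NAT that rewrites the payload, is easier to see on a real packet. The following is an added example, not code from the post or from any NAT implementation: it builds an IPv4/TCP segment by hand, applies a basic NAT (source address and port rewritten, checksums recomputed, payload untouched), and then applies an application-layer gateway that additionally rewrites the address the application itself wrote into the payload. The FTP PORT command is used as the instance of "some protocols" (the post does not name one; FTP's active-mode PORT command is the classic case, since it carries the client's own IP and port as ASCII in the data stream). All addresses, ports and the payload are constructed sample values.

```python
"""Toy basic NAT vs. FTP application-layer gateway on a hand-built IPv4/TCP packet.

Basic NAT touches only the IP/TCP headers (addresses, ports, checksums).
The ALG also rewrites addresses the application wrote INTO the payload
(the FTP PORT command): the "opening the envelope" behaviour.
All addresses and the payload are constructed sample data (not from the post).
"""
import ipaddress
import re
import struct

# Matches an active-mode FTP PORT command: "PORT h1,h2,h3,h4,p1,p2\r\n"
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fix_checksums(pkt: bytes) -> bytes:
    """Recompute the IP header checksum and the TCP checksum (with pseudo-header)."""
    ip, tcp = pkt[:20], pkt[20:]
    ip = ip[:10] + b"\x00\x00" + ip[12:]
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    tcp = tcp[:16] + b"\x00\x00" + tcp[18:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))  # src, dst, zero, proto, len
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    return ip + tcp


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int,
                 payload: bytes, seq: int = 1000) -> bytes:
    """Assemble IPv4 (no options) + TCP (no options, PSH|ACK) + payload."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return fix_checksums(ip + tcp)


def parse(pkt: bytes) -> dict:
    """Decode the fields of interest and verify length and both checksums."""
    ip, tcp = pkt[:20], pkt[20:]
    total_len = struct.unpack("!H", ip[2:4])[0]
    sport, dport = struct.unpack("!HH", tcp[:4])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "sport": sport,
        "dport": dport,
        "payload": tcp[20:],
        "len_ok": total_len == len(pkt),
        "ip_cksum_ok": checksum(ip) == 0,      # a valid header sums to 0
        "tcp_cksum_ok": checksum(pseudo + tcp) == 0,
    }


def basic_nat(pkt: bytes, ext_ip: str, ext_port: int) -> bytes:
    """Header-only translation: rewrite source address/port, leave the payload alone."""
    ip, tcp = pkt[:20], pkt[20:]
    ip = ip[:12] + ipaddress.IPv4Address(ext_ip).packed + ip[16:]
    tcp = struct.pack("!H", ext_port) + tcp[2:]
    return fix_checksums(ip + tcp)


def ftp_alg(pkt: bytes, ext_ip: str, ext_port: int, data_port: int) -> bytes:
    """Basic NAT plus payload rewriting of an FTP PORT command.

    The client wrote its private address into the payload; the ALG replaces it
    with the public address and a data port the NAT will accept on its behalf.
    """
    pkt = basic_nat(pkt, ext_ip, ext_port)
    ip, tcp = pkt[:20], pkt[20:]
    hdr, payload = tcp[:20], tcp[20:]
    a, b, c, d = ipaddress.IPv4Address(ext_ip).packed
    new_cmd = b"PORT %d,%d,%d,%d,%d,%d\r\n" % (a, b, c, d, data_port >> 8, data_port & 0xFF)
    new_payload, n = PORT_RE.subn(new_cmd, payload, count=1)
    if n == 0:
        return pkt  # no PORT command present: nothing to rewrite
    # The payload length can change, so the IP total length must be patched.
    # A real ALG must also remember the byte delta and adjust TCP sequence and
    # acknowledgement numbers on every later segment of the connection; omitted here.
    ip = ip[:2] + struct.pack("!H", 20 + len(hdr) + len(new_payload)) + ip[4:]
    return fix_checksums(ip + hdr + new_payload)


if __name__ == "__main__":
    # Constructed sample: private client 192.168.1.10 telling an FTP server to connect back.
    pkt = build_packet("192.168.1.10", "203.0.113.5", 4100, 21, b"PORT 192,168,1,10,16,5\r\n")
    print("original :", parse(pkt))
    print("basic NAT:", parse(basic_nat(pkt, "198.51.100.7", 40000)))
    print("FTP ALG  :", parse(ftp_alg(pkt, "198.51.100.7", 40000, 40001)))
```

Running it shows the point of the post: after `basic_nat` the envelope (source address and port) has changed but the PORT line still says `192,168,1,10`, which the server cannot reach, so the protocol breaks unless someone knows to expect that; after `ftp_alg` the letter itself now reads `198,51,100,7`, which is the middlebox rewriting what the application said. The sequence-number bookkeeping the comment mentions is exactly where real ALGs accumulate state about a stream they were never a party to.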

