Home page logo
/

nanog logo nanog mailing list archives

Re: BCP38 tester?
From: Jay Ashworth <jra () baylink com>
Date: Mon, 1 Apr 2013 12:23:35 -0400 (EDT)

----- Original Message -----
From: "Karl Auer" <kauer () biplane com au>

On Sun, 2013-03-31 at 22:32 -0400, Jay Ashworth wrote:
This thought crossed my mind earlier today, when I asked Jeff if
IP-forged
packets would make it through a NAT, outbound. He said no (I think),
but
I'm not entirely sure that's right.

Welll - the packets might make it out, and be transmitted into the
Internet, but they would have a legitimate source address, namely an
outside address of the NAT router. A side effect of NAT is to clamp the
source address range of outbound packets to the configured NAT outside
address range.

D'oh.  Of course.

Hmmm.  That says things about the penetration of NAT routers at consumer
eyeball connections vs. directly connected PCs that surprise me.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault