nanog mailing list archives

Re: Arguing against using public IP space


From: Karl Auer <kauer () biplane com au>
Date: Wed, 16 Nov 2011 13:07:56 +1100

On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
You are making assumptions about how the NAT is designed.
[...]
Unless you know the internals of a NAT you cannot say whether it
fails open or closed.

Indeed not!

From 2010, during an identical discussion:

   http://seclists.org/nanog/2010/Apr/1166

To me, "fail" means that a system stops doing what it was designed to
do. The results are by definition undefined. Others seem to think that
"fail" means a kind of default.

it is actually feasible to probe through a NAT using LSR.

What's LSR in this context? Loose source routing, I'm guessing.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer () biplane com au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156

Attachment: signature.asc
Description: This is a digitally signed message part


Current thread: