Re: Rate of growth on IPv6 not fast enough?

[Karl Auer <kauer () biplane com au>]

On Tue, 2010-04-20 at 21:27 -0700, Owen DeLong wrote:
> I believe we are talking about the case where some engineer
> fat-fingers a change and Roger's claim is that a stateful inspection
> without NAT box will permit unintended traffic while a NAT box will
> not.

Possibly restating Mark's point, but if fat fingers are allowed as a
source of failure, impact is unlimited.

> IOW, All of NAT's security comes from the fact that it requires a
> state table, like stateful inspection.
Er - I think it's a deeper point I was making. To the extent that NAT
offers security at all, that security comes as an *unintentional side
effect* of the job it is actually designed to do. That is, the NAT
device *does not care* about its "security" function.

Regards, K.

>
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer () biplane com au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF

Attachment: signature.asc
Description: This is a digitally signed message part