nanog mailing list archives
RE: quietly....
From: Jon Lewis <jlewis () lewis org>
Date: Thu, 3 Feb 2011 11:16:18 -0500 (EST)
On Thu, 3 Feb 2011, Brian Johnson wrote:
3) To give all your outbound sessions a mutual appearance, so as to confound those attempting to build a profile of your activity.So this goes back to security through obscurity. OK.
There's an awful lot of inertia in the "NAPT/firewall keeps our hosts safe from the internet" mentality. Sure, a stateful firewall can be configured allow all outbound traffic and only connected/related inbound. When someone breaks or shuts off that filter, traffic through the NAPT firewall stops working. On the stateful firewall with public IPs on both sides, everything works...including the traffic you didn't want.
People are going to want NAT66...and not providing it may slow down IPv6 adoption.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... Owen DeLong (Feb 01)
- Re: quietly.... Dave Israel (Feb 01)
- Re: quietly.... Jack Bates (Feb 01)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... John Payne (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... John Payne (Feb 02)
- Re: quietly.... Brian Johnson (Feb 02)
- Re: quietly.... Dave Israel (Feb 02)
- RE: quietly.... Brian Johnson (Feb 03)
- RE: quietly.... Jon Lewis (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Owen DeLong (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Owen DeLong (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Simon Perreault (Feb 03)