nanog mailing list archives
Re: Netflix banning HE tunnels
From: "Ricky Beam" <jfbeam () gmail com>
Date: Tue, 14 Jun 2016 14:57:40 -0400
On Sun, 12 Jun 2016 19:47:18 -0400, Owen DeLong <owen () delong com> wrote:
NAT may not be security, yet it's the only thing securing billions of people.
Nope… NAT Can’t be done without stateful inspection.

Negative.
- 1:1 NAT (inside address A == outside address B) requires no state of any kind.
- Connection Tracking is not stateful inspection
- NAT Helpers / ALG / etc. (things that look for embedded addresses) aren't "stateful inspection"
The only "security" one gets from NAT comes from the lack of outside visibility through the NAT. An outside host cannot initiate a connection to any specific inside host of their choosing.
I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6 traffic. IPv4 goes through NAT, so one gets the pseudo-security of not being directly touchable from the internet.
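
A small Python model of the cases the message above distinguishes, added here as an illustration and not part of the original post: a 1:1 mapping that needs no per-flow state, a port-overloaded NAT with a connection table that hides inside hosts from unsolicited traffic, and a CPE that routes IPv6 with and without inbound filtering. All function and class names are hypothetical, the filtering logic is simplified, and every address is a constructed sample from documentation or private ranges.

```python
import ipaddress

# All addresses are constructed samples from documentation/private ranges.
STATIC_MAP = {"203.0.113.10": "192.168.1.10"}   # outside -> inside, fixed config

def nat_1to1_inbound(dst):
    """1:1 NAT: a fixed lookup with no per-flow state, so any outside host
    that sends to the outside address reaches the mapped inside host."""
    return STATIC_MAP.get(dst)

class OverloadNat:
    """Many inside hosts behind one outside address, with a connection table."""
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.table = {}          # (outside_port, remote_ip, remote_port) -> inside (ip, port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(port, dst, dport)] = (src, sport)
        return self.outside_ip, port

    def inbound(self, src, sport, dport):
        # No matching entry means there is no inside host to deliver to: drop.
        return self.table.get((dport, src, sport))

def ipv6_cpe_inbound(src, dst, lan_prefix, established, filtering):
    """Routed IPv6 on a CPE. Without filtering, anything addressed into the
    LAN prefix is forwarded; with it, only replies to inside-initiated flows."""
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(lan_prefix):
        return False
    return (dst, src) in established if filtering else True

def demo():
    nat = OverloadNat("203.0.113.1")
    _, port = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    lan, host, remote = "2001:db8:1::/64", "2001:db8:1::10", "2001:db8:ffff::7"
    return {
        "1to1_unsolicited": nat_1to1_inbound("203.0.113.10"),
        "overload_reply": nat.inbound("198.51.100.7", 443, port),
        "overload_unsolicited": nat.inbound("198.51.100.99", 12345, port),
        "v6_unfiltered": ipv6_cpe_inbound(remote, host, lan, set(), filtering=False),
        "v6_filtered": ipv6_cpe_inbound(remote, host, lan, set(), filtering=True),
        "v6_filtered_reply": ipv6_cpe_inbound(remote, host, lan, {(host, remote)}, filtering=True),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```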