nanog mailing list archives
Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...)
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 7 Sep 2001 17:00:24 -0400
On Fri, Sep 07, 2001 at 11:57:24AM -0700, Mike Batchelor wrote:
Well of course, that was my point. Where do you draw the line? The packet as received is not identical to the packet as it was sent, even when NAT is not involved. Along the way, various things get modified, the packet is encapsulated, unwrapped, re-encapsulated, TTLs get decremented, ... all
It violates a layering principle. An application never 'creates' a packet (particularly when thinking about TCP). Thus the application doesn't pick the initial TTL, for instance. So there's no reason the application should expect it to be a particular value at the end.

An application very much creates its own data stream, and expects a reliable transport scheme to pass it _unaltered_.

Note, NAT can cause issues here. If I run a telnet server on port 53, telnet to it through a NAT gateway, and send data that looks like an AXFR, it will probably change it, thinking it's operating on DNS. That's pretty dangerous.

It also crosses an interesting legal line. If you're an ISP customer and it's ok for the ISP to read your data stream and alter it in real time to provide NAT, why wouldn't it be legal for them to read your e-mail in real time as it passes, and alter what you said? The same boxes could do it. What makes it ok to alter an IP address here and there, but not alter a word? Why are they different?

--
Leo Bicknell - bicknell () ufp org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
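Added example, not part of the original message or of any real NAT implementation: a simplified model of the port 53 scenario described above, in which a middlebox picks its payload rewriting by port number alone, and an end-to-end HMAC over the application data lets the receiver notice the change. The addresses, key, session bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

PRIVATE = bytes([10, 0, 0, 5])      # constructed inside address
PUBLIC = bytes([203, 0, 113, 7])    # constructed outside address (TEST-NET-3)


def port_keyed_alg(dst_port: int, payload: bytes) -> bytes:
    """Toy middlebox (assumption): treats anything on port 53 as DNS and
    translates the inside address wherever its 4 bytes appear."""
    if dst_port == 53:
        return payload.replace(PRIVATE, PUBLIC)
    return payload


def seal(key: bytes, data: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed over the application data."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Receiver: return the data, or raise if it changed in transit."""
    data, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stream altered between the endpoints")
    return data


def detects_alteration(dst_port: int, key: bytes, data: bytes) -> bool:
    """True if the receiver rejects what the middlebox delivered."""
    try:
        open_sealed(key, port_keyed_alg(dst_port, seal(key, data)))
    except ValueError:
        return True
    return False


# Constructed non-DNS session data that happens to contain the inside address.
SESSION = b"login ok\r\n" + PRIVATE + b" is not a DNS record\r\n"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    for port in (23, 53):
        print(port, "altered and detected:", detects_alteration(port, KEY, SESSION))
```

The same bytes pass untouched on port 23 and are rewritten on port 53; only the keyed check at the endpoints reveals it, since the transport checksum would be recomputed by the rewriting device.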