nanog mailing list archives

Re: Security gain from NAT

From: Daniel Senie <dts () senie com>
Date: Mon, 04 Jun 2007 22:06:25 -0400


At 09:07 PM 6/4/2007, Jason Lewis wrote:

I figured SMB would chime in...but his research says it's not so anonymous.

http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf

Give or take NAT boxes / firewalls that specifically have features tomess with the IP ID. The SonicWALL products have, for example, acheckbox that says: "Randomize IP ID".

Some vendors apparently have taken measures to ensure methods such asmonitoring IP ID are less effective. The paper notes this, and theissues with doing this.

So the "not so anonymous" statement above is really "not soanonymous, give or take the implementation of the firewall/NAT".

Current thread:

Re: Cool IPv6 Stuff, (continued)
- - - Re: Cool IPv6 Stuff Owen DeLong (Jun 04)
    - Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley (Jun 04)
    - Re: Security gain from NAT Sam Stickland (Jun 04)
    - RE: Security gain from NAT Howard C. Berkowitz (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
    - Re: Security gain from NAT Jason Lewis (Jun 04)
    - Re: Security gain from NAT Daniel Senie (Jun 04)
    - Re: Security gain from NAT Steven M. Bellovin (Jun 05)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 04)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 05)
    - Re: Security gain from NAT Jeff McAdams (Jun 05)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Nicholas Suan (Jun 05)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Nicholas Suan (Jun 04)

(Thread continues...)