Re: Hiding NATs with PF
From: Max Bolingbroke (batterseapower_at_hotmail.com)
Date: 09/28/05
- Next message: Max Bolingbroke: "Re: Hiding NATs with PF"
- Previous message: ?: "Re: Hiding NATs with PF"
- In reply to: Simon Farnsworth: "Re: Hiding NATs with PF"
- Next in thread: Simon Farnsworth: "Re: Hiding NATs with PF"
- Reply: Simon Farnsworth: "Re: Hiding NATs with PF"
Date: 28 Sep 2005 13:51:21 -0700
> Assuming the person who sets the NAT router up is competent, it's not an
> issue. However, it's not uncommon for internal routing infrastructure to be
> running on RFC 1918 private IP addresses (the same batch you'll choose your
> private addresses from). If you (by accident or through stupidity) start
> letting your "private" addresses through, you could kill parts of their
> campus routing by poisoning ARP tables.
Ah, that's interesting! Sounds like a mistake that's pretty hard to make
though, not on the order of the serious routing overhead they describe.
> You and I share one IP via NAT; said IP is registered to you. I break into a
> bank's computer system. When the authorities come to get you, you point the
> finger at me. I point the finger at you, and we have a standoff. By banning
> NAT routers, your upstream can get you for unauthorised NAT even if they
> can't get you for the break-in.
You're right, I didn't consider a scenario with two users.
Thanks very much for your help,
Max