North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: end2end? (was: RE: Where NAT disenfranchises the end-user ...)

  • From: Leo Bicknell
  • Date: Fri Sep 07 17:04:25 2001

On Fri, Sep 07, 2001 at 11:57:24AM -0700, Mike Batchelor wrote:
> Well of course, that was my point.  Where do you draw the line?  The packet
> as received is not identical to the packet as it was sent, even when NAT is
> not involved.  Along the way, various things get modified, the packet is
> encapulated, unwrapped, re-encapsulated, TTLs get decremented, ... all

It violates a layering principal.  An application never 'creates'
a packet (particularly when thinking about TCP).  Thus the application
doesn't pick the initial TTL, for instance.  So there's no reason
the application should expect it to be a particular value at the

An application very much creates it's own data stream, and expects
a reliable transport scheme to pass it _unaltered_.  Note, NAT can
cause issues here.  If I run a telnet server on port 53, telnet to
it through a NAT gateway, and send data that looks like an AXFR,
it will probably change it, thinking it's operating on DNS.  That's
pretty dangerous.

It also crosses an interesting legal line.  If your an ISP customer
and it's ok for the ISP to read your data stream and alter it in
real time to provide NAT, why wouldn't it be legal for them to read
your e-mail in real time as it passes, and alter what you said?
The same boxes could do it.  What makes it ok to alter an IP address
here and there, but not alter a word?  Why are they different?

Leo Bicknell - [email protected]
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - [email protected],