Re: Security gain from NAT

North American Network Operators Group

Re: Security gain from NAT

From: Daniel Senie
Date: Mon Jun 04 22:08:19 2007

At 09:07 PM 6/4/2007, Jason Lewis wrote:

I figured SMB would chime in...but his research says it's not so anonymous.

http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf

Give or take NAT boxes / firewalls that specifically have features to mess with the IP ID. The SonicWALL products have, for example, a checkbox that says: "Randomize IP ID".

Some vendors apparently have taken measures to ensure methods such as monitoring IP ID are less effective. The paper notes this, and the issues with doing this.

So the "not so anonymous" statement above is really "not so anonymous, give or take the implementation of the firewall/NAT".

Follow-Ups:
- Re: Security gain from NAT Steven M. Bellovin

References:
- Re: Cool IPv6 Stuff Owen DeLong
- Cool IPv6 Stuff Jeroen Massar
- Re: Cool IPv6 Stuff Jared Mauch
- Re: Cool IPv6 Stuff Sam Stickland
- Re: Cool IPv6 Stuff Adrian Chadd
- Re: Cool IPv6 Stuff Joel Jaeggli
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh
- Re: Security gain from NAT Jason Lewis

Prev by Date: Re: Security gain from NAT
Next by Date: Enterprise IPv6 (Was: Cool IPv6 Stuff/Security gain from NAT)
Date Index
Thread Index
Author Index
Historical