On 6/9/2014 6:34 AM, David Singer wrote:
On Jun 8, 2014, at 20:26 , Joe Touch <to...@isi.edu> wrote:
a NAT hides the host *at the expense* of exposing a router
If I have the energy to do a DoS attack, surely I have the energy to
traceroute the hosts I know to find a common routing point?
1) ICMPs are often blocked - either at network boundaries or inside
routers themselves
2) an ICMP tells you only how your packets get to the destination; it
says nothing about how other traffic gets there or the return path
A NAT address tells you both directions and *cannot* be hidden except by
another NAT along the same path.
Joe
David Singer
Manager, Software Standards, Apple Inc.
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area