On 6/9/2014 6:34 AM, David Singer wrote:

On Jun 8, 2014, at 20:26 , Joe Touch <to...@isi.edu> wrote:

        a NAT hides the host *at the expense* of exposing a router

If I have the energy to do a DoS attack, surely I have the energy to
traceroute the hosts I know to find a common routing point?

1) ICMPs are often blocked - either at network boundaries or inside routers themselves

2) an ICMP tells you only how your packets get to the destination; it says nothing about how other traffic gets there or the return path

A NAT address tells you both directions and *cannot* be hidden except by another NAT along the same path.

Joe


David Singer
Manager, Software Standards, Apple Inc.


_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
