On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:

> Andreas Echavez wrote:
>
>> *Why disabling ICMP doesn't increase security and only hurts the web* *(path
>> MTU discovery, diagnostics)
>
> That PMTUD works is a misconception.
>

It actually works where people have not made active efforts to break it.

>> *How NAT breaks end-to-end connectivity (fun one..., took me
>> hours to explain to an old boss why doing NAT at the ISP level
>> was horrendously wrong)
>
> That's another misconception.
>
> While NAT breaks the end to end connectivity, it can be
> restored by end systems by reversing translations by NAT,
> if proper information on the translations is obtained
> through some protocol such as UPnP.
>

Sigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.

Owen