Re: [nat66] New NAT66 Draft

Tue, 10 Mar 2009 15:54:30 -0700 

On Mar 10, 2009, at 3:21 PM, Margaret Wasserman wrote:
IMO, security benefits are better provided by an actual network security device, such as a firewall, that can be more flexibly configured to block or allow desired levels/types of access on a per- host or per-application basis. Others' mileage may vary. 


Very much agree. To give but one example of ways NAT-style topology  
hiding doesn't, here are the "Received" headers from your recent email  
as seen at my system. I'll leave it to you to decide what can be  
learned about networks and network topology if one reads one's email  
envelopes.



Received: from xbh-sjc-221.amer.cisco.com ([128.107.191.63]) by xmb- 
sjc-225.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830);

         Tue, 10 Mar 2009 15:22:07 -0700

Received: from sj-iport-3.cisco.com ([171.71.176.72]) by xbh- 
sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830);

         Tue, 10 Mar 2009 15:22:07 -0700
Received: from sj-dkim-3.cisco.com ([171.71.179.195])
 by sj-iport-3.cisco.com with ESMTP; 10 Mar 2009 22:22:07 +0000

Received: from sj-core-5.cisco.com (sj-core-5.cisco.com  
[171.71.177.238])

        by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id n2AMM54m017983;
        Tue, 10 Mar 2009 15:22:05 -0700

Received: from sj-inbound-f.cisco.com (sj-inbound-f.cisco.com  
[128.107.234.207])

        by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id n2AMM5ZN006429;
        Tue, 10 Mar 2009 22:22:05 GMT
Received: from mail.ietf.org ([64.170.98.32])
 by sj-inbound-f.cisco.com with ESMTP; 10 Mar 2009 22:22:04 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1])
        by core3.amsl.com (Postfix) with ESMTP id EBF5D3A698D;
        Tue, 10 Mar 2009 15:21:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by core3.amsl.com (Postfix) with ESMTP id 43F6B3A67ED
        for <[email protected]>; Tue, 10 Mar 2009 15:21:27 -0700 (PDT)
Received: from mail.ietf.org ([64.170.98.32])
        by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id U60S9URlBL4K for <[email protected]>;
        Tue, 10 Mar 2009 15:21:26 -0700 (PDT)
Received: from QMTA07.westchester.pa.mail.comcast.net
        (qmta07.westchester.pa.mail.comcast.net [76.96.62.64])
        by core3.amsl.com (Postfix) with ESMTP id 5C6103A698D
        for <[email protected]>; Tue, 10 Mar 2009 15:21:26 -0700 (PDT)
Received: from OMTA01.westchester.pa.mail.comcast.net ([76.96.62.11])
        by QMTA07.westchester.pa.mail.comcast.net with comcast
        id RYpt1b00E0EZKEL57aN2Xl; Tue, 10 Mar 2009 22:22:02 +0000
Received: from [10.2.0.63] ([69.33.111.74])
        by OMTA01.westchester.pa.mail.comcast.net with comcast
        id RaMj1b00H1cMU3H3MaMobj; Tue, 10 Mar 2009 22:22:00 +0000
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66






















					Reply via email to