RE: NATs are NOT Firewalls

2003-06-18 Thread Michel Py
Eric, I agree with most of your post but there is something that you have not grasped IMHO. It is true that "dissimulating" the private (RFC1918?) address does not achieve much in terms of security: in order to access: http://arneill-py.sacramento.ca.us/ipv6mh/ you do not need to know nor care th

Re: NATs are NOT Firewalls

2003-06-18 Thread S Woodside
On Wednesday, June 18, 2003, at 06:28 PM, Tomson Eric ((Yahoo.fr)) wrote: Now, the fact that masking the internal addresses to the external world - so that internal hosts can initiate traffic to the outside, but no external host can initiate traffic to the inside - brings some basic security, i

Re: NATs are NOT Firewalls

2003-06-18 Thread Valdis . Kletnieks
On Thu, 19 Jun 2003 00:55:49 EDT, S Woodside said: > On Wednesday, June 18, 2003, at 06:28 PM, Tomson Eric ((Yahoo.fr)) > wrote: > > > Now, the fact that masking the internal addresses to the external > > world - so that internal hosts can initiate traffic to the outside, > > but no > > externa

Re: NATs are NOT Firewalls

2003-06-19 Thread Daniel Senie
At 01:34 AM 6/19/2003, [EMAIL PROTECTED] wrote: On Thu, 19 Jun 2003 00:55:49 EDT, S Woodside said: > On Wednesday, June 18, 2003, at 06:28 PM, Tomson Eric ((Yahoo.fr)) > wrote: > > > Now, the fact that masking the internal addresses to the external > > world - so that internal hosts can initiate

RE: NATs are NOT Firewalls

2003-06-19 Thread Michel Py
Daniel, I agree with the rest of your post, however > Since NAPT uses stateful inspection to operate, I think I don't agree with this. I would say that NAPT is a stateful process but not that it uses inspection. By "inspection" I understand a more intelligent process that decapsulates packets an

Re: NATs are NOT Firewalls

2003-06-19 Thread S Woodside
On Thursday, June 19, 2003, at 01:34 AM, [EMAIL PROTECTED] wrote: Is this just security through obscurity, or something better? Security through obscurity. See Bellovin's paper on enumerating through a NAT. http://www.research.att.com/~smb/papers/fnat.pdf This paper has nothing to do with secu

RE: NATs are NOT Firewalls

2003-06-19 Thread shogunx
On Thu, 19 Jun 2003, Michel Py wrote: > Daniel, > > I agree with the rest of your post, however > > > Since NAPT uses stateful inspection to operate, When referring to NAPT, we are talking about rinetd, right? You can run that on a Linux box with two network interfaces (Ethernet, PPP, Token Ring

Re: NATs are NOT Firewalls

2003-06-20 Thread Valdis . Kletnieks
On Thu, 19 Jun 2003 03:57:40 EDT, Daniel Senie <[EMAIL PROTECTED]> said: > Maybe YOU should read it, and explain how this is useful for attacking the > hosts behind a NAPT box. The technique described in this paper uses > variations in the IPid field as evidence of more than one host generating

Re: NATs are NOT Firewalls

2003-06-20 Thread Dean Anderson
Hackers first crack the exposed host. Then they see if it has multiple interfaces. The local ARP cache will tell them the RFC1918 addresses if it is a NAT. The "NAT" just clusters several machines together in one machine. Whether there are multiple machines behind a NAT is of little consequence.