On Wed, 21 Apr 2010 14:24:37 -0400
William Herrin b...@herrin.us wrote:
On Tue, Apr 20, 2010 at 9:34 PM, Karl Auer ka...@biplane.com.au wrote:
On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
NAT _always_ fails-closed
Stateful
On Thu, Apr 29, 2010 at 11:24 AM, Mark Smith
na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org wrote:
On Wed, 21 Apr 2010 14:24:37 -0400
William Herrin b...@herrin.us wrote:
Fail means that an inexperienced admin drops a router in place of the
firewall to work around a priority
On Thu, 29 Apr 2010 15:58:24 -1000, William Herrin said:
Funny thing about junior staff... Their reach is often longer than
their grasp. Someone has to have the keys when the senior guy is
away...
Isn't that the defense that Terry Childs used? :)
(Sorry, couldn't resist. :)
Am 25.04.2010 um 03:29 schrieb Mark Smith:
If obscurity is such an effective measure why are zebras also able to
run fast and kick hard?
Because the stripes hide them from the flies, not the lions.
http://en.wikipedia.org/wiki/Zebra#cite_note-5
--
Stefan Bethke s...@lassitu.de Fon +49
On 04/22/2010 08:25 AM, Marshall Eubanks wrote:
On Apr 22, 2010, at 11:04 AM, John Lightfoot wrote:
That's Hedley.
I believe that he is talking about Hedy Lamarr, the co-inventor of
frequency hopping spread spectrum.
The patent which bears her and George Antheil's name is by no means
On 4/24/2010 14:07, Joel Jaeggli wrote:
The patent which bears her and George Antheil's name is by no means (and
about 30 years) the earliest example of this technology.
Few patents are. I can't think of a one, but I suppose there must be
one containing no prior art at all.
Does a movie star
On 04/22/2010 10:18 PM, Matthew Kaufman wrote:
Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could
On Thu, 22 Apr 2010 22:18:56 -0700
Matthew Kaufman matt...@matthew.at wrote:
Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin
But none of this does what NAT does for a big enterprise, which is
to *hide internal topology*. Yes, addressing the privacy concerns
that come from using lower-64-bits-derived-from-MAC-address is
required, but it is also necessary (for some organizations) to
make it impossible to tell that
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that come
from using lower-64-bits-derived-from-MAC-address is required, but it is
also necessary (for some organizations) to make it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/23/2010 06:17, Clue Store wrote:
But none of this does what NAT does for a big enterprise, which
is to *hide internal topology*. Yes, addressing the privacy
concerns that come from using
lower-64-bits-derived-from-MAC-address is required,
I'm just saying it's one valid
security issue with using any sort of globally unique IP address (v4
or v6), in that analyzing a bunch of traffic from a particular
netblock would allow one to build a topology map. It's easier with
IPv6 since you can presume most if not all addresses
On Apr 23, 2010, at 6:17 AM, Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to *hide
internal topology*. Yes, addressing the privacy concerns that come from
using lower-64-bits-derived-from-MAC-address is required, but it is also
On Apr 23, 2010, at 9:17 AM, Clue Store wrote:
But none of this does what NAT does for a big enterprise, which is
to *hide internal topology*. Yes, addressing the privacy concerns
that come from using lower-64-bits-derived-from-MAC-address is
required, but it is also necessary (for some
What makes you think that not using NAT exposes internal topology??
Or that internal topology cannot leak out through NAT's ? I have seen
NATed enterprises
become massively compromised.
NAT allows people to become far too lazy. Your typical NAT allows
connections outbound, typically
On Thu, 22 Apr 2010 07:18:18 -0400
William Herrin b...@herrin.us wrote:
On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong o...@delong.com wrote:
On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
William Herrin wrote:
Not to take issue with either statement in particular, but I think there
On Thu, 22 Apr 2010 10:25:43 -0500
Larry Sheldon larryshel...@cox.net wrote:
On 4/22/2010 10:17, Charles Mills wrote:
I think he was actually quoting the movie. They always called Harvey
Korman's character Hedy and he'd always correct them with That's
Hedley in a most disapproving tone.
On Thu, 22 Apr 2010 18:10:10 +1200 (MAGST)
Franck Martin fra...@genius.com wrote:
The whole thread made me think about this:
http://www.ipinc.net/IPv4.GIF
The energy that people are willing to spend to fix it (NAT, LSN), rather than
bite the bullet is amazing.
Probably and sadly,
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that
come from using lower-64-bits-derived-from-MAC-address is required,
but it is also necessary (for some
Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is
to *hide internal topology*. Yes, addressing the privacy concerns
that come from using lower-64-bits-derived-from-MAC-address is
required, but it is also
On Apr 23, 2010, at 10:34 AM, Matthew Kaufman wrote:
Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that come
from using
On Apr 23, 2010, at 10:16 AM, Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to *hide
internal topology*. Yes, addressing the privacy concerns that come from
using lower-64-bits-derived-from-MAC-address is
Owen DeLong wrote:
On Apr 23, 2010, at 10:16 AM, Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to *hide
internal topology*. Yes, addressing the privacy concerns that come from using
The whole thread made me think about this:
http://www.ipinc.net/IPv4.GIF
The energy that people are willing to spend to fix it (NAT, LSN), rather than
bite the bullet is amazing.
On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong o...@delong.com wrote:
On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
William Herrin wrote:
Not to take issue with either statement in particular, but I think there
needs to be some consideration of what fail means.
Fail means that an
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for anonymity purposes. Even if there is no such draft, it
wouldn't exactly be hard to implement. It won't take NAT to anonymize
the PCs on a LAN
On Thu, Apr 22, 2010 at 7:30 AM, bmann...@vacation.karoshi.com wrote:
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for anonymity purposes. Even if there is no such draft, it
wouldn't exactly
On Thu, Apr 22, 2010 at 07:46:50AM -0400, William Herrin wrote:
On Thu, Apr 22, 2010 at 7:30 AM, bmann...@vacation.karoshi.com wrote:
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for anonymity purposes.
That's probably RFC 4941. It's available in pretty much all operating
systems. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC
picks up random unused addresses in the lower 64 for each new
outbound connection for anonymity
On Thu, 22 Apr 2010, William Herrin wrote:
On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong o...@delong.com wrote:
On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
William Herrin wrote:
Not to take issue with either statement in particular, but I think there
needs to be some consideration
On Thu, Apr 22, 2010 at 08:34:20AM -0400, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for anonymity purposes.
That's
That's Hedley.
-Original Message-
From: bmann...@vacation.karoshi.com [mailto:bmann...@vacation.karoshi.com]
Sent: Thursday, April 22, 2010 10:34 AM
To: Simon Perreault
Cc: nanog@nanog.org
Subject: Re: Rate of growth on IPv6 not fast enough?
On Thu, Apr 22, 2010 at 08:34:20AM -0400,
Actually, no.
Not from the Mel Brooks movie.
Hedy Lamarr
http://en.wikipedia.org/wiki/Hedy_Lamarr
Hedy Lamarr (November 9, 1914 - January 19, 2000) was an Austrian-born American
actress and engineer. Though known primarily for her film career as a major
contract star of MGM's Golden Age, she
On 4/22/2010 10:04, John Lightfoot wrote:
That's Hedley.
-Original Message-
From: bmann...@vacation.karoshi.com [mailto:bmann...@vacation.karoshi.com]
Sent: Thursday, April 22, 2010 10:34 AM
To: Simon Perreault
Cc: nanog@nanog.org
Subject: Re: Rate of growth on IPv6 not fast
I think he was actually quoting the movie. They always called Harvey
Korman's character Hedy and he'd always correct them with That's
Hedley in a most disapproving tone.
You had to have watched that movie way too many times (much to my
wife's chagrin) to catch the subtle joke.
On Thu, Apr 22,
On Apr 22, 2010, at 11:04 AM, John Lightfoot wrote:
That's Hedley.
I believe that he is talking about Hedy Lamarr, the co-inventor of
frequency hopping spread spectrum.
Regards
Marshall
-Original Message-
From: bmann...@vacation.karoshi.com
On 4/22/2010 10:17, Charles Mills wrote:
I think he was actually quoting the movie. They always called Harvey
Korman's character Hedy and he'd always correct them with That's
Hedley in a most disapproving tone.
Oh.
The only thing I watch less-of than TV is movies.
Say, did they ever make
--- j...@jsbc.cc wrote:
From: Jim Burwell j...@jsbc.cc
I think this is different. They're talking about using a new IPv6 for
each connection. RFC4941 just changes it over time IIRC. IMHO that's
still pretty good privacy, at least on par with a NATed IPv4 from the
outside perspective,
On Apr 22, 2010, at 4:30 AM, bmann...@vacation.karoshi.com wrote:
On the other hand, I could swear I've seen a draft where the PC picks
up random unused addresses in the lower 64 for each new outbound
connection for anonymity purposes. Even if there is no such draft, it
wouldn't exactly be
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC
picks up random unused addresses in the
Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC
picks up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 22:00, Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/22/2010 22:18, Matthew Kaufman wrote:
Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
John Levine jo...@iecc.com writes:
I'm not saying that NAT is wonderful, but my experience, in which day
to day stuff all works fine, is utterly different from the doom and
disaster routinely predicted here.
Ever tried to troubleshoot networks which were using multiple NAT?
Every time I
On Tue, 20 Apr 2010 21:16:10 -0700
Owen DeLong o...@delong.com wrote:
Frankly, when you hear people strongly using the argument stateful
firewalling == NAT, you start to wonder if they've ever seen a stateful
firewall using public addresses.
I've run several of them.
My comment
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/21/2010 03:38, Mark Smith wrote:
On Tue, 20 Apr 2010 21:16:10 -0700 Owen DeLong o...@delong.com
wrote:
Frankly, when you hear people strongly using the argument
stateful firewalling == NAT, you start to wonder if they've
ever seen a
Once upon a time, Franck Martin fra...@genius.com said:
Why don't they use IPv6 instead of uPnP?
UPnP (or something like it) is needed for any kind of firewall for some
devices.
At least on Xbox, some games are essentially peer-to-peer; when userA
starts it up and invites friends, their Xbox
And when ISPs start using NAT for their customers, there will be more
problems leading to more support calls.
You say this as though they don't do it now.
R's,
John
On 4/21/2010 8:46 AM, Jim Burwell wrote:
Despite it doing the job it was intended to do, I've always seen NAT
as a bit of an ugly hack, with potential to get even uglier with LSN
and multi-level NAT in the future. I personally welcome a return to a
NAT-less world with IPv6. :)
Don't you
No. You get a different set of problems, mostly administrative.
On Apr 21, 2010, at 1:53 PM, Dave Sparro wrote:
On 4/21/2010 8:46 AM, Jim Burwell wrote:
Despite it doing the job it was intended to do, I've always seen NAT
as a bit of an ugly hack, with potential to get even uglier with
On Tue, Apr 20, 2010 at 9:34 PM, Karl Auer ka...@biplane.com.au wrote:
On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
NAT _always_ fails-closed
Stateful Inspection can be implemented fail-closed.
Not to take issue with either
Dave Sparro wrote:
Don't you get all of the same problems when there is a properly
restrictive SPI firewall at both ends of the connection regardless of
whether NAT is used as well.
If you mean, do we still need protocols similar to uPNP the answer is
yes. Of course, uPNP is designed with
William Herrin wrote:
Not to take issue with either statement in particular, but I think there
needs to be some consideration of what fail means.
Fail means that an inexperienced admin drops a router in place of the
firewall to work around a priority problem while the senior engineer
is on
Jack Bates wrote:
If you mean, do we still need protocols similar to uPNP the answer is
yes. Of course, uPNP is designed with a SPI in mind. However, we
simplify a lot of problems when we remove address mangling from the
equation.
Let's not forget why UPNP is what it is and why it should go
On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
William Herrin wrote:
Not to take issue with either statement in particular, but I think there
needs to be some consideration of what fail means.
Fail means that an inexperienced admin drops a router in place of the
firewall to work around
On Mon, Apr 19, 2010 at 11:47 PM, Adrian Chadd
adr...@creative.net.au wrote: On Tue, Apr 20, 2010, Perry Lorier
wrote:
could dimension a NAT box for an ISP. His research is available here
http://www.wand.net.nz/~salcock/spnat/tech_report.pdf . If walls of
text scare you (why are you reading
On Mon, 19 Apr 2010, Leen Besselink wrote:
I actually think the razor thin margins make it less likely.
If I'm not mistaken, one of the reasons firmware updates are not
available from a number of vendors/products, is because the small
boxes don't have enough ROM and/or RAM.
The ROM is
On Mon, Apr 19, 2010 at 06:56:43AM +0200, Mikael Abrahamsson wrote:
On Mon, 19 Apr 2010, Franck Martin wrote:
Anybody has better projections? What's the plan?
My guess is that end user access will be more and more NAT444:ed (CGN)
while at the same time end users will get more and more
* Bryan Fields:
Yes, but I was showing what a great DDOS attack method it would be
too ;)
The beauty of flow-based forwarding (with or without NAT) is that
several types of denial-of-service attacks tend to hurt close to the
packet sources, and not just close to the victim. As far as the
On Tue, Apr 20, 2010 at 12:24:57PM +1000, Mark Andrews wrote:
In message 201004200022.o3k0m2ba007...@aurora.sol.net, Joe Greco writes:
That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
dynamic public
On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
You are charmingly naive about how the law actually works in the USA -
that is IMHO.
Yes, things vary around the world. You failed to state In the
USA. There is plenty of case law in Australia about companies
attempting to
In message 201004200022.o3k0m2ba007...@aurora.sol.net, Joe Greco writes:
That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
dynamic public IPv4 address, you can't gracefully take it away, without
In message 20100420121646.ge15...@vacation.karoshi.com., bmann...@vacation.karoshi.com writes:
On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
You are charmingly naive about how the law actually works in the USA -
that is IMHO.
Yes, things vary around the world. You
On Apr 20, 2010, at 5:40 AM, Joe Greco wrote:
In message 201004200022.o3k0m2ba007...@aurora.sol.net, Joe Greco writes:
That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
dynamic public IPv4 address, you
On Mon, 19 Apr 2010 19:57:04 -0700
Owen DeLong o...@delong.com wrote:
On Apr 19, 2010, at 3:10 PM, Florian Weimer wrote:
* Leo Bicknell:
I know of no platform that does hardware NAT. Rather, NAT is a CPU
function. While this is another interesting scaling issue, it means
this
On Tue, 20 Apr 2010 12:16:46 +
bmann...@vacation.karoshi.com wrote:
On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
You are charmingly naive about how the law actually works in the USA -
that is IMHO.
Yes, things vary around the world. You failed to state In the
In message 201004201240.o3kcehl4074...@aurora.sol.net, Joe Greco writes:
In message 201004200022.o3k0m2ba007...@aurora.sol.net, Joe Greco writes:
That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
Joe Greco wrote:
And what'll you do for your customers when you have no more IPv4
addresses?
IPv6, request IPv4 from my transit providers, buy a small ISP that has
IPv4 address, consolidate my own IP addressing much tighter, butchering
the clean allocations and routing table.
Quit
On Tue, 20 Apr 2010 23:02:26 +0930, Mark Smith said:
access like you used to. You guys sue over hot coffee (of both
kinds)!
Well.. yeah. When it causes 3rd degree burns, you start thinking about suing.
http://www.lectlaw.com/files/cur78.htm
McDonalds also argued that consumers know coffee is
Mark Smith wrote:
On Mon, 19 Apr 2010 19:57:04 -0700
Owen DeLong o...@delong.com wrote:
Pushing functions as closer to the edge of the network usually makes
them easier to scale and more robust and resilient to failure.
There might be more chance of failure, but there is less consequence.
On Tue, Apr 20, 2010 at 10:45:02PM +1000, Mark Andrews wrote:
In message 20100420121646.ge15...@vacation.karoshi.com.,
bmann...@vacation.karoshi.com writes:
On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
You are charmingly naive about how the law actually works in
John Levine wrote:
Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that
On Apr 20, 2010, at 7:53 AM, John Levine wrote:
But regardless of what it is called people usually know what they
signed up for and when what has worked for the 5-6 years suddenly
breaks ...
If a consumer ISP moved its customers from separate IPs to NAT, what
do you think would break?
Owen DeLong wrote:
The hardware cost of supporting LSN is trivial. The management/maintenance
costs and the customer experience - dissatisfaction - support calls -
employee costs will not be so trivial.
Interesting opinion but not backed up by experience.
By contrast John Levine wrote:
My
On Apr 20, 2010, at 10:29 AM, Roger Marquis wrote:
Owen DeLong wrote:
The hardware cost of supporting LSN is trivial. The management/maintenance
costs and the customer experience - dissatisfaction - support calls -
employee costs will not be so trivial.
Interesting opinion but not backed
Simon Perreault wrote:
http://tools.ietf.org/html/draft-ford-shared-addressing-issues
The Ford Draft is quite liberal in its statements regarding issues with
NAT. Unfortunately, in the real-world, those examples are somewhat fewer
and farther between than the draft RFC would lead you to
Roger Marquis wrote:
Considering how many end-users sit behind NAT firewalls and non-firewall
gateways at home, at work, and at public access points all day without
issue, this is a particularly good example of the IETF's ongoing issues
with design-by-committee, particularly committees short on
On 4/20/2010 10:29 AM, Roger Marquis wrote:
Interesting how the artificial roadblocks to NAT66 are both delaying the
transition to IPv6 and increasing the demand for NAT in both protocols.
Nicely illustrates the risk when customer demand (for NAT) is ignored.
This is really tiresome. IPv4 NAT
On 2010-04-20, at 14:59, joel jaeggli wrote:
On 4/20/2010 10:29 AM, Roger Marquis wrote:
Interesting how the artificial roadblocks to NAT66 are both delaying the
transition to IPv6 and increasing the demand for NAT in both protocols.
Nicely illustrates the risk when customer demand (for NAT)
On Apr 20, 2010, at 11:56 AM, Jack Bates wrote:
Roger Marquis wrote:
Considering how many end-users sit behind NAT firewalls and non-firewall
gateways at home, at work, and at public access points all day without
issue, this is a particularly good example of the IETF's ongoing issues
with
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
crap load of vpn clients that appear on the network and do not support
nat traversal (either doesn't support it, or big corp A refuses
Once upon a time, Roger Marquis marq...@roble.com said:
Address conservation aside, the main selling point of NAT is its filtering
of inbound session requests. NAT _always_ fails-closed by forcing inbound
connections to pass validation by stateful inspection. Without this you'd have to
On 2010-04-20, at 15:31, Roger Marquis wrote:
If this were really an issue I'd expect my nieces and nephews, all of whom
are big game players, would have mentioned it. They haven't though, despite
being behind cheap NATing CPE from D-Link and Netgear.
I have heard it said before that
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
crap load of vpn clients that appear on the network and do not support
nat
On Apr 20, 2010, at 12:55 PM, Joe Abley wrote:
On 2010-04-20, at 15:31, Roger Marquis wrote:
If this were really an issue I'd expect my nieces and nephews, all of whom
are big game players, would have mentioned it. They haven't though, despite
being behind cheap NATing CPE from
On 04/20/2010 09:31 PM, Roger Marquis wrote:
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
crap load of vpn clients that appear on the network and do not support
nat traversal
Roger Marquis wrote:
If this were really an issue I'd expect my nieces and nephews, all of
whom are big game players, would have mentioned it. They haven't though,
despite being behind cheap NATing CPE from D-Link and Netgear.
Disable the uPNP (some routers lack it, and yes, it breaks and
On Tue, 20 Apr 2010 10:29:02 -0700 (PDT)
Roger Marquis marq...@roble.com wrote:
Owen DeLong wrote:
The hardware cost of supporting LSN is trivial. The management/maintenance
costs and the customer experience - dissatisfaction - support calls -
employee costs will not be so trivial.
On 04/20/2010 04:51 PM, Jack Bates wrote:
uPNP at a larger scale? Would require some serious security and
scalability analysis.
This is the latest proposal. The Security Considerations section needs
some love...
http://tools.ietf.org/html/draft-wing-softwire-port-control-protocol
Simon
--
Simon Perreault wrote:
This is the latest proposal. The Security Considerations section needs
some love...
http://tools.ietf.org/html/draft-wing-softwire-port-control-protocol
Nice read. IF it ever makes it into all the necessary clients, then
perhaps it might be a bit more feasible. That
On 20/04/2010, at 1:28 PM, Mark Andrews wrote:
Changing from a public IP address to a private IP address is a big
change in the conditions of the contract. People do select ISP's
on the basis of whether they will get a public IP address or a
private IP address.
Seems to me your objection
On Tue, 20 Apr 2010 12:59:32 -0700
Owen DeLong o...@delong.com wrote:
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
On Tue, 20 Apr 2010 18:03:09 EDT, Simon Perreault said:
This is the latest proposal. The Security Considerations section needs
some love...
I may be the only one that finds that unintentionally hilarious.
In any case, to a first-order approximation, it doesn't even matter all that
much
Jack Bates wrote:
Disable the uPNP (some routers lack it, and yes, it breaks and microsoft
will tell you to get uPNP capable NAT routers or get a new ISP).
Thing is, neither of these cheap CPE has UPNP enabled, which leads me to
question whether claims regarding large numbers of serverless
In message 67d28817-d47b-468f-9212-186c60531...@internode.com.au, Mark Newton
writes:
On 20/04/2010, at 1:28 PM, Mark Andrews wrote:
Changing from a public IP address to a private IP address is a big
change in the conditions of the contract. People do select ISP's
on the basis of
On 4/20/2010 2:59 PM, Mark Smith wrote:
Customers never asked for NAT. Ask the non-geek customer if they went
looking for a ISP plan or modem that supports NAT and they'll look at
you funny. Ask them if they want to share their Internet access between
multiple devices in their home,
without
Roger Marquis wrote:
Thing is, neither of these cheap CPE has UPNP enabled, which leads me to
question whether claims regarding large numbers of serverless multi-user
game users are accurate.
I'd say it's a question for m$. I've seen it break, I've had to
reprogram older cpe's that didn't
valdis.kletni...@vt.edu wrote:
(Yes, defense in depth is a Good Thing. But that external firewall isn't
doing squat for your security if it actually accepts uPNP from inside.)
In this case we are referring to uPNP functionality at a LSN level. uPNP
as it sits will not work at all, and