On Thu, 19 Jun 2003 00:55:49 EDT, S Woodside said: > On Wednesday, June 18, 2003, at 06:28 PM, Tomson Eric ((Yahoo.fr)) > wrote: > > > Now, the fact that masking the internal addresses to the external > > world - so that internal hosts can initiate traffic to the outside, > > but no > > external host can initiate traffic to the inside - brings some basic > > security, is an interesting corollary, but not the primary objective > > of a > > NAT. > > Is this just security through obscurity, or something better?
Security through obscurity. See Bellovin's paper on enumerating through a NAT. Steven M. Bellovin, "A Technique for Counting NATted Hosts. Proc. Second Internet Measurement Workshop, November 2002. http://www.research.att.com/~smb/papers/fnat.pdf (or fnat.ps if you prefer)
pgp00000.pgp
Description: PGP signature
