Dear IPsec experts,

I am a System Engineer from Ericsson. I am currently reading your RFC 5996. However, I am confused by the following words about NAT traversal in Section 2.23:

> A host behind a NAT SHOULD NOT do this type of dynamic address update if a validated packet has different port and/or address values because it opens a possible DoS attack (such as allowing an attacker to break the connection with a single packet).

It is very difficult to understand this case. Could you give me some hint as to why it opens a possible DoS attack when the host is behind a NAT? Your different opinions are really appreciated for my better understanding.

Thank you very much!

Kind regards,
Jerry (Zhenjie) Huang
System Engineer, CGC/X, Ericsson, Shenzhen, China
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
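To make the quoted rule concrete, the following is an added example; it is not part of the original message, and it is not code from RFC 5996 or from any IKE/IPsec implementation. It models the receive path of a UDP-encapsulated ESP Child SA and applies the Section 2.23 rule together with the two conditions the same section attaches to it: only the host that is not behind a NAT performs the dynamic address update, and it does so only in response to a new packet, since an old captured packet could otherwise move the peer address back (the RFC says dynamic updates are safe only with replay protection enabled). The packet layout (SPI, sequence number, payload, ICV), the truncated HMAC-SHA256 integrity check, the 64-packet anti-replay window, the key and all addresses are constructed for this example.

```python
"""Model of the RFC 5996 section 2.23 dynamic address update (added example).

Constructed: simplified ESP-like packet (SPI, seq, payload, ICV), HMAC-SHA256
truncated to 128 bits as the integrity check, 64-packet anti-replay window.
Real ESP framing, encryption and IKE negotiation are omitted.
"""
import hashlib
import hmac
from dataclasses import dataclass

WINDOW = 64
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test key


@dataclass
class Packet:
    src: tuple      # (ip, udp_port) as seen by the receiver, i.e. after any NAT
    spi: int
    seq: int
    payload: bytes
    icv: bytes


@dataclass
class ChildSA:
    spi: int
    key: bytes
    peer_addr: tuple   # address/port we currently send to
    behind_nat: bool   # this host sits behind a NAT (learnt via NAT_DETECTION_* in IKE_SA_INIT)
    highest_seq: int = 0
    bitmap: int = 0    # bit i set => sequence number (highest_seq - i) already seen


def _icv(key, spi, seq, payload):
    msg = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def make_packet(key, spi, seq, payload, src):
    return Packet(src, spi, seq, payload, _icv(key, spi, seq, payload))


def replay_check(sa, seq):
    """Sliding-window anti-replay check. Returns True only for a never-seen seq."""
    if seq > sa.highest_seq:
        shift = seq - sa.highest_seq
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest_seq = seq
        return True
    diff = sa.highest_seq - seq
    if diff >= WINDOW or sa.bitmap & (1 << diff):
        return False
    sa.bitmap |= 1 << diff
    return True


def receive(sa, pkt):
    """Process one inbound packet and apply the section 2.23 address-update rule."""
    # 1. Integrity first: an unauthenticated packet must not touch any SA state.
    if pkt.spi != sa.spi or not hmac.compare_digest(
            pkt.icv, _icv(sa.key, pkt.spi, pkt.seq, pkt.payload)):
        return "dropped:bad-icv"
    # 2. Replay protection: only a *new* validated packet may trigger an update.
    if not replay_check(sa, pkt.seq):
        return "dropped:replay"
    # 3. Validated and new, but from a different address/port than the SA records.
    if pkt.src != sa.peer_addr:
        if sa.behind_nat:
            # Host behind a NAT SHOULD NOT update: keep sending to the old address.
            return "accepted:addr-change-ignored"
        sa.peer_addr = pkt.src          # not behind NAT: follow the NAT's new mapping
        return "accepted:addr-updated"
    return "accepted"


def gateway_scenario():
    """Gateway (not behind NAT) talking to a client whose NAT mapping changes."""
    gw = ChildSA(spi=0x1001, key=KEY, peer_addr=("203.0.113.5", 4500), behind_nat=False)
    results = [receive(gw, make_packet(KEY, 0x1001, 1, b"hello", ("203.0.113.5", 4500)))]
    # NAT rebooted: the client's traffic now leaves the NAT from port 61000.
    p2 = make_packet(KEY, 0x1001, 2, b"after-rebind", ("203.0.113.5", 61000))
    results.append(receive(gw, p2))
    # An attacker re-sends the captured packet p2 from a spoofed source.
    replay = Packet(("198.51.100.9", 4500), p2.spi, p2.seq, p2.payload, p2.icv)
    results.append(receive(gw, replay))
    # An attacker without the key forges a packet from a spoofed source.
    forged = make_packet(b"wrong-key", 0x1001, 3, b"x", ("198.51.100.9", 4500))
    results.append(receive(gw, forged))
    return results, gw.peer_addr


def client_scenario():
    """Client behind a NAT: a validated, new packet from another address must not move the SA."""
    cl = ChildSA(spi=0x2002, key=KEY, peer_addr=("192.0.2.1", 4500), behind_nat=True)
    receive(cl, make_packet(KEY, 0x2002, 1, b"hello", ("192.0.2.1", 4500)))
    r = receive(cl, make_packet(KEY, 0x2002, 2, b"moved?", ("198.51.100.9", 4500)))
    return r, cl.peer_addr


if __name__ == "__main__":
    print(gateway_scenario())
    print(client_scenario())
```

In gateway_scenario the gateway accepts the first packet, follows the NAT's new port on the second (the case the RFC wants handled), and refuses to move the SA for the replayed copy and for the forged packet, so its peer address ends up at port 61000 and nowhere else. In client_scenario the host behind the NAT keeps sending to 192.0.2.1:4500 even though a validated, non-replayed packet arrived from elsewhere, which is exactly the SHOULD NOT in the quoted sentence.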
