On 2014-03-13 15:12, Eric Vyncke (evyncke) wrote:
> What annoys me more is the fact that AVM (and they are not the only one --
> see Technicolor & others) naively believes that NAT44 offered some
> security by preventing inbound connections... This means that there is NO
> open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box
> has no choice and is smart enough to fall back in the legacy NAT44 mode
> with a TURN (or in this case Teredo) to bypass NAT. A very nice
> opportunity to run a man-in-the-middle attack on a foreign ground.
>
> I still wonder why people REALLY believe in the security of NAT (in the
> sense of blocking inbound connections) in 2014 while most of the botnet
> members are behind a NAT...
>
> Christopher and others => you are RIGHT! Do not change your mind
>
> -éric (see also
> http://tools.ietf.org/html/draft-ietf-v6ops-balanced-ipv6-security-01 for
> my point of view :-))

+1000

Simon
--
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca
