Re: Netmeeting - NAT issue

2002-03-27 Thread Harald Koch
> What we do need are "killer applications". Just imagine what would > happen if Quake IV required IPv6[1]. ;-) Well, since you mentioned it: -- Harald Koch <[EMAIL PROTECTED]>

Re: Netmeeting - NAT issue

2002-03-27 Thread Claus Färber
Keith Moore <[EMAIL PROTECTED]> schrieb/wrote: > the technical solutions exist. what is needed is for more OS vendors > to support v6 (and 6to4 on the host). What we do need are "killer applications". Just imagine what would happen if Quake IV required IPv6[1]. ;-) Claus [1] and came with ever

Re: Netmeeting - NAT issue

2002-03-21 Thread james woodyatt
On Thursday, March 21, 2002, at 06:15 PM, [EMAIL PROTECTED] wrote: > Of course, there is the possibility that if they were totally honest, > and marketed their devices as "Enabling appliances for selected Internet > services" that they'd STILL make money (and then you'd have no one to > blame). P

Re: Netmeeting - NAT issue

2002-03-21 Thread gds
"J. Noel Chiappa" <[EMAIL PROTECTED]> wrote: > I think you're seriously confused here. ISP's don't make a substantial share > of their money selling addresses (and therefore desiring a scarce market in > same), and I gather that for most of them, the costs of administering extra > addresses is ju

Re: Netmeeting - NAT issue

2002-03-21 Thread gds
Keith Moore <[EMAIL PROTECTED]> wrote: > notice I did say "in a just world". I don't pretend that this world > is just. If you want to make money, you have to understand that the > economic environment we live in favors those who do harm. You can > choose whether or not to do harm (and to what

Re: Netmeeting - NAT issue

2002-03-21 Thread gds
james woodyatt <[EMAIL PROTECTED]> wrote: > That there is a profitable business to be made in selling NAT appliances > to non-technical Internet users is *not* the root cause of the problem. > It's a symptom, and I think the IETF would do very well to think long > and hard about how to solve the

RE: Netmeeting - NAT issue

2002-03-21 Thread J. Noel Chiappa
> From: "Tony Hain" <[EMAIL PROTECTED]> > it may be more convenient to have the border deal with DOS, but is it > *required* as Noel asserted? First, there's "good idea", "required", and "*required*". It's *required* that your computer have a test-and-branch instruction to be a Turin

RE: Netmeeting - NAT issue

2002-03-21 Thread Tony Hain
Aaron Falk wrote: > I think one can make the case that having border protection may > prevent a DOS attack from consuming interior network resources and > allowing interior hosts to communicate amongst themselves. And if your interior network resources are less than 10x your external resource, yo

Re: Netmeeting - NAT issue

2002-03-20 Thread Aaron Falk
On Wed, Mar 20, 2002 at 08:23:15AM -0800, Tony Hain wrote: > > My question was directed at Noel's assertion that security requires a > site border router as the implementation. Just because that may be > cheaper than fixing all the current hosts, wouldn't we be better off in > the long run if all

Re: Netmeeting - NAT issue

2002-03-20 Thread Melinda Shore
>From: "Peter Deutsch" <[EMAIL PROTECTED]> > And if your objection to NATs ended there, I wouldn't have a problem > with it. But instead of then working to change the protocols that break > with NATs, you continue to insist, Canute-like, that you can turn back > the tides and move the world back t

Re: Netmeeting - NAT issue

2002-03-20 Thread Vernon Schryver
> From: Peter Deutsch <[EMAIL PROTECTED]> > Who was the Roman Senator who ended every speech with "Carthage must be > destroyed"? You might take solace from the fact that eventually Carthage > was destroyed, but the power struggles and cost of that conflict hurt > Rome hugely in the process. Bett

Re: Netmeeting - NAT issue

2002-03-20 Thread Keith Moore
> > if people understand that NATs allow them to run web and mail > > clients from multiple machines but prevent them from running > > most other apps, then I don't have any problem with it. > > And if your objection to NATs ended there, I wouldn't have a problem > with it. But instead of then wo

Re: Netmeeting - NAT issue

2002-03-20 Thread Peter Deutsch
g'day, Keith Moore wrote: > > > But what do U say about people using it at home SOHO > > if people understand that NATs allow them to run web and mail > clients from multiple machines but prevent them from running > most other apps, then I don't have any problem with it. And if your object

Re: Netmeeting - NAT issue

2002-03-20 Thread Keith Moore
> But what do U say about people using it at home SOHO if people understand that NATs allow them to run web and mail clients from multiple machines but prevent them from running most other apps, then I don't have any problem with it. again, the problem isn't that NATs exist, but that people

Re: Netmeeting - NAT issue

2002-03-20 Thread Vivek Gupta
I agree - Original Message - From: "Meritt James" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 20, 2002 9:11 AM Subject: Re: Netmeeting - NAT issue > > See the problem? Lots of "That is not the problem, THIS is the REAL

Re: Netmeeting - NAT issue

2002-03-20 Thread Vivek Gupta
ginal Message - From: "Keith Moore" <[EMAIL PROTECTED]> To: "J. Noel Chiappa" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, March 19, 2002 10:17 PM Subject: Re: Netmeeting - NAT issue > > Oh, piffle. NAT's don't "harm the Intern

Re: Netmeeting - NAT issue

2002-03-20 Thread Vivek Gupta
eith Moore" <[EMAIL PROTECTED]> To: "Harald Koch" <[EMAIL PROTECTED]> Cc: "Keith Moore" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, March 19, 2002 9:10 PM Subject: Re: Netmeeting - NAT issue > > I think you missed the important point.

RE: Netmeeting - NAT issue

2002-03-20 Thread Peter Ford
ony Hain [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 8:23 AM To: [EMAIL PROTECTED] Cc: J. Noel Chiappa; [EMAIL PROTECTED] Subject: RE: Netmeeting - NAT issue Valdis.Kletnieks wrote: > The host may be too stupid to protect itself - read Bugtraq > or other similar > lists

Re: Netmeeting - NAT issue

2002-03-20 Thread Melinda Shore
>From: "james woodyatt" <[EMAIL PROTECTED]> > I could be wrong about this, but I really believe this is the root cause > of the NAT problem, not ignorant users or self-interested appliance > vendors. I don't believe that there's a NAT problem. There are many NAT problems, and the opportunity t

RE: Netmeeting - NAT issue

2002-03-20 Thread John Stracke
>Since software doesn't have >the same attention variability over time as humans, The variability isn't as great, but it's certainly there. It's not that the software's attention falters, but that the attention of the human who has to maintain the system falters--and, when that happens, the so

RE: Netmeeting - NAT issue

2002-03-20 Thread Tony Hain
Valdis.Kletnieks wrote: > The host may be too stupid to protect itself - read Bugtraq > or other similar > lists for the gory details. The fact that many hosts are too stupid to protect themselves is not a reason to architecturally require that the border provide security. The marketplace may fin

Re: Netmeeting - NAT issue

2002-03-20 Thread Meritt James
See the problem? Lots of "That is not the problem, THIS is the REAL problem" and all too few doable solutions. Throwing rocks is easy. Catching them is harder. -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566

Re: Netmeeting - NAT issue

2002-03-19 Thread Valdis . Kletnieks
On Tue, 19 Mar 2002 19:01:14 PST, Tony Hain <[EMAIL PROTECTED]> said: > Why does security demand an external border? Is that based on the > assumption that the host is too stupid to protect itself? If it is based Yes. The host may be too stupid to protect itself - read Bugtraq or other simila

Re: Netmeeting - NAT issue

2002-03-19 Thread Masataka Ohta
Keith; > > I think you missed the important point. It's not the NAT vendors, it's > > the ISPs. > > I'll grant that ISPs have something to do with it. But there is a > shortage of IPv4 addresses, so it's not as if anybody can have as > many as they want. Wrong. There actually is no shortage o

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> Oh, piffle. NAT's don't "harm the Internet", any more than a host of other > things: the fact that other things do harm doesn't mean that NATs don't also do harm, or that the harm done by NAT is somehow lessened or excused. and IMHO most of the other things you mentioned do less harm than NATs

RE: Netmeeting - NAT issue

2002-03-19 Thread Tony Hain
Noel Chiappa wrote: > ... > security alone demands that we be able to > move some functionality to a "site border router", or some > such. Why does security demand an external border? Is that based on the assumption that the host is too stupid to protect itself? If it is based on having an app l

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> I think you missed the important point. It's not the NAT vendors, it's > the ISPs. I'll grant that ISPs have something to do with it. But there is a shortage of IPv4 addresses, so it's not as if anybody can have as many as they want. And it's not the fact that people are selling NAT that I fi

Re: Netmeeting - NAT issue

2002-03-19 Thread J. Noel Chiappa
> From: Keith Moore <[EMAIL PROTECTED]> > it seems disingenuous to blame the NAT problem on users when the NAT > vendors are doing their best to mislead users about the harm that NAT > does. Oh, piffle. NAT's don't "harm the Internet", any more than a host of other things: "invis

Re: Netmeeting - NAT issue

2002-03-19 Thread james woodyatt
On Tuesday, March 19, 2002, at 01:10 PM, Keith Moore wrote: > [I wrote:] >> The first thing I would suggest is to sit back and contemplate whether >> the situation bears any resemblance to other problems in which the user >> population engages in behavior that results in short-term personal >> ben

Re: Netmeeting - NAT issue

2002-03-19 Thread Harald Koch
Of all the gin joints in all the towns in all the world, Keith Moore had to walk into mine and say: > > granted there are numerous instances of this. but it seems disingenuous > to blame the NAT problem on users when the NAT vendors are doing their > best to mislead users about the harm that N

RE: Netmeeting - NAT issue

2002-03-19 Thread Peter Ford
Keith, In a just world, people freely purchase the things they want and believe solves a real world problem for them. The Internet has grown at an incredible rate and I suspect in large part due to NATs. I wonder if the Internet would sue the NAT vendors, or thank them for establishing a br

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> The first thing I would suggest is to sit back and contemplate whether > the situation bears any resemblance to other problems in which the user > population engages in behavior that results in short-term personal > benefit in exchange for long-term harm to the welfare of society. granted there

Re: Netmeeting - NAT issue

2002-03-19 Thread james woodyatt
everyone-- I know this is a frequent source of heated discussion, and that much has already been said that doesn't need to be repeated here, but I *just* *can't* *let* *this* *go* unchallenged. - On Tuesday, March 19, 2002, at 08:26 AM, Keith Moore wrote: > [...] > in a just world, the NA

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> OK, but that does not solve the problem where the NATs are mostly deployed > -- home and SOHO -- until all internet servers of interest to those users > speak IPv6. "Can be upgraded to do so" is great if you control the server, > but these users don't. true enough. fortunately, NAT doesn't i

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> > in a just world, the NAT vendors would all be sued out of existence for > > the harm they've done to the Internet. in the real world, if you can > > hire a famous personality to advertise your product on TV, then by > > definition it must work well. > > The last time I was thi

Re: Netmeeting - NAT issue

2002-03-19 Thread Hans Kruse
OK, but that does not solve the problem where the NATs are mostly deployed -- home and SOHO -- until all internet servers of interest to those users speak IPv6. "Can be upgraded to do so" is great if you control the server, but these users don't. So Yahoo, Google, etc can be persuaded to upg

Re: Netmeeting - NAT issue

2002-03-19 Thread Valdis . Kletnieks
On Tue, 19 Mar 2002 10:50:27 PST, Peter Ford said: > And why don't you think RSVP would work? Compute the chances that an *arbitrary* end-to-end connection on the Internet passes entirely through routers and firewalls that support RSVP. Remember to factor in how often Path MTU Discovery doesn't w

RE: Netmeeting - NAT issue

2002-03-19 Thread Peter Ford
And why don't you think RSVP would work? -Original Message- From: Joe Touch [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 9:04 AM To: Peter Ford Cc: John Stracke; [EMAIL PROTECTED] Subject: Re: Netmeeting - NAT issue Peter Ford wrote: > I would love to see the

Re: Netmeeting - NAT issue

2002-03-19 Thread Joe Touch
David Frascone wrote: > Ok, I have to say something. > > I agree that NATs are evil, and *should* not exist. But, since ISP's > currently charge tons of money for more than one IP address, they always > *will* exist. I wish there were more appreciation for the ephemeral nature of solutions. Ot

Re: Netmeeting - NAT issue

2002-03-19 Thread Joe Touch
Peter Ford wrote: > I would love to see the complete solution to signaling all the potential > blocking intermediate hops in the network that specific traffic should > pass. Me too. Sadly, that would require broadcasting to the whole Internet. Joe

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> I agree that NATs are evil, and *should* not exist. But, since ISP's > currently charge tons of money for more than one IP address, they always > *will* exist. > > Maybe IPv6 will fix all that . . . . we can only pray . . . easily fixed. get a single IPv4 address, assign it to a 6to4 router

Re: Netmeeting - NAT issue

2002-03-19 Thread Keith Moore
> I will note that the one thing going for the home network NAT guys is > that they have focused on making things work to the extent that they > even have George Hamilton selling NATs at the poolside on TV commercials > for Circuit City. well, maybe he can solve the NAT problem, but I can't. >

Re: Netmeeting - NAT issue

2002-03-19 Thread Valdis . Kletnieks
On Tue, 19 Mar 2002 08:40:02 CST, David Frascone said: > I agree that NATs are evil, and *should* not exist. But, since ISP's > currently charge tons of money for more than one IP address, they always > *will* exist. Bad logic. They won't "always will". They will as long as ISPs have the curre

Re: Netmeeting - NAT issue

2002-03-19 Thread Valdis . Kletnieks
On Mon, 18 Mar 2002 21:00:22 PST, Peter Ford <[EMAIL PROTECTED]> said: > I would love to see the complete solution to signaling all the potential > blocking intermediate hops in the network that specific traffic should > pass. I would love to see the complete *SECURE* solution to signaling all

Re: Netmeeting - NAT issue

2002-03-19 Thread David Frascone
Ok, I have to say something. I agree that NATs are evil, and *should* not exist. But, since ISP's currently charge tons of money for more than one IP address, they always *will* exist. Maybe IPv6 will fix all that . . . . we can only pray . . . -- David Frascone Reality is for those

RE: Netmeeting - NAT issue

2002-03-18 Thread Peter Ford
I would love to see the complete solution to signaling all the potential blocking intermediate hops in the network that specific traffic should pass. Regards, peter

RE: Netmeeting - NAT issue

2002-03-18 Thread Peter Ford
peterf -Original Message- From: Melinda Shore [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 2:18 PM To: Peter Ford Cc: [EMAIL PROTECTED] Subject: Re: Netmeeting - NAT issue >Ahh, it doesn't have to damage routing transparency. If we were to use >a signaling protocol

Re: Netmeeting - NAT issue

2002-03-18 Thread Melinda Shore
>Ahh, it doesn't have to damage routing transparency. If we were to use >a signaling protocol that is carefully crafted to preserve routing >transparency (e.g. RSVP) then we can avoid this issue. That's what I'm working on, but midcom and upnp as they're currently defined most certainly do have

RE: Netmeeting - NAT issue

2002-03-18 Thread John Stracke
>The protocols explicit probe the first hop router on the network for >upnp capabilities. In their model of a home gateway/LAN there is no >"internal" routing, the world is bridged, so the signaling should not >damage routing transparency. But just imposing that model removes transparency. Mayb

RE: Netmeeting - NAT issue

2002-03-18 Thread Peter Ford
Message- From: Joe Touch [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 8:08 AM To: Peter Ford Cc: Andrew McGregor; Vivek Gupta; [EMAIL PROTECTED] Subject: Re: Netmeeting - NAT issue Peter Ford wrote: > If one really believes in end to end architectures, then one probably > woul

RE: Netmeeting - NAT issue

2002-03-18 Thread Peter Ford
ssage- From: Melinda Shore [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 7:14 AM To: Andrew McGregor Cc: [EMAIL PROTECTED] Subject: Re: Netmeeting - NAT issue > > Microsoft has recently addressed the NAT traversal issue for multimedia > > scenarios by shipping Messenger in Win

Re: Netmeeting - NAT issue

2002-03-18 Thread Joe Touch
Peter Ford wrote: > If one really believes in end to end architectures, then one probably > would want generalized protocols for supporting hosts telling the > network what to do wrt opening holes at NATs/Firewalls for inbound > traffic. Actually, if one believes in the E2E arch (more specificall

Re: Netmeeting - NAT issue

2002-03-18 Thread Melinda Shore
> > Microsoft has recently addressed the NAT traversal issue for multimedia > > scenarios by shipping Messenger in Windows XP and it uses universal plug > > and play protocols (www.upnp.org) to open holes on upnp capable internet > > gateways. There are many vendors building upnp capable NATs in 2

RE: Netmeeting - NAT issue

2002-03-17 Thread Andrew McGregor
nt: Sunday, March 17, 2002 5:34 PM > To: Joe Touch; Vivek Gupta > Cc: [EMAIL PROTECTED] > Subject: Re: Netmeeting - NAT issue > > Or, get a NAT which *does* connection-track H.323. They do exist, > open-source and not, and work just fine. > > Better, get a proper H.323 gatew

RE: Netmeeting - NAT issue

2002-03-17 Thread Peter Ford
bject: Re: Netmeeting - NAT issue Or, get a NAT which *does* connection-track H.323. They do exist, open-source and not, and work just fine. Better, get a proper H.323 gateway (which will work behind an H.323 aware NAT if done properly) so people can call in as well as out. However, NAT is

Re: Netmeeting - NAT issue

2002-03-17 Thread Andrew McGregor
Or, get a NAT which *does* connection-track H.323. They do exist, open-source and not, and work just fine. Better, get a proper H.323 gateway (which will work behind an H.323 aware NAT if done properly) so people can call in as well as out. However, NAT is still brokenness. (and so is H.323)

Re: Netmeeting - NAT issue

2002-03-12 Thread Joe Touch
Vivek Gupta wrote: > > Hi > > I have been bugging U guys a lot for long now . especially Hari > > OK here is another question quite similar to previous one: > > Net meeting by Microsoft is not supported by NAT . this is the major > problem > > --this is a problem with NAT or with NE

Re: Netmeeting - NAT issue

2002-03-12 Thread Jose Manuel Arronte Garcia
Hi Vivek: I am behind a firewall, as Help-desk Mgr. we had to find some answers for our customers regarding the issues you ask. I am SURE the problem is with netmeeting and other MS communications software. Try the following links: http://messenger.msn.com/support/knownissues.asp ht

Re: Netmeeting - NAT issue

2002-03-12 Thread Keith Moore
> Net meeting by Microsoft is not supported by NAT . this is the major > problem NATs violate many of the assumptions of the Internet Protocol. It's unrealistic to expect many kinds of IP applications to work in the presence of NATs, unless they were specifically designed to do so. And whi

Re: Netmeeting - NAT issue

2002-03-12 Thread Randy Bush
> Net meeting by Microsoft is not supported by NAT . this is the major > problem you may not have noticed that o there is no ietf standards track document for net meeting o there is no ietf standards track document for nat hence no one here is surprised. caveat emptor. we design and bui