On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
> You are making assumptions about how the NAT is designed.
> [...]
> Unless you know the internals of a NAT you cannot say whether it
> fails open or closed.

Indeed not!

From 2010, during an identical discussion:

   http://seclists.org/nanog/2010/Apr/1166

To me, "fail" means that a system stops doing what it was designed to
do. The results are by definition undefined. Others seem to think that
"fail" means a kind of default.

> it is actually feasible to probe through a NAT using LSR.

What's LSR in this context? Loose source routing, I'm guessing.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to