NFR Wizards Archives: How should NAT terminate ?



Subject: How should NAT terminate ?
From: Darren Reed (darrenrreed.wattle.id.au)
Date: Mon Jan 10 2000 - 00:26:41 CST


Here's something for folks out there to have a think about.

You have your dialup PC, sitting at home, gatewaying your
workstation from which you surf away on the web. Your link
drops, you redial and get a new IP# for your NAT sessions.

For at least some period of time, your old IP# may be black
holed, or worse, allocated to another Internet user. The
second case is worse because small amounts of your web session
*may* leak to someone else.

Whatever the case, there is a period of time in which the original
endpoints believe a connection exists, which no longer does. Should
a pre-emptive strike be launched by the firewall to blow these away
by doing something like sending TCP RSTs? What about for DNS/NTP
queries - are ICMP unreachables appropriate?

Darren



This archive was generated by hypermail 2b27 : Mon Jan 10 2000 - 00:26:41 CST