On Wed, 2011-11-16 at 12:20 +1100, Mark Andrews wrote:
You are making assumptions about how the NAT is designed. [...] Unless you know the internals of a NAT you cannot say whether it fails open or closed.
Indeed not! From 2010, during an identical discussion:
http://seclists.org/nanog/2010/Apr/1166
To me, "fail" means that a system stops doing what it was designed to do. The results are by definition undefined. Others seem to think that "fail" means a kind of default.
it is actually feasible to probe through a NAT using LSR.
What's LSR in this context? Loose source routing, I'm guessing.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156