On Feb 16, 2012, at 5:11 PM, Masataka Ohta wrote:

> Andreas Echavez wrote:
>
>> * Why disabling ICMP doesn't increase security and only hurts the web (path MTU discovery, diagnostics)
>
> That PMTUD works is a misconception.
>
> It actually works where people have not made active efforts to break it.
>
>> * How NAT breaks end-to-end connectivity (fun one..., took me hours to explain to an old boss why doing NAT at the ISP level was horrendously wrong)
>
> That's another misconception.
>
> While NAT breaks the end-to-end connectivity, it can be restored by end systems by reversing translations by NAT, if proper information on the translations is obtained through some protocol such as UPnP.
Sigh... NAT is a horrible hack that served us all too well in address conservation. Beyond that, it is merely a source of pain.

Owen
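The PMTUD point in the thread turns on one message: the ICMP "Fragmentation Needed" (ICMPv4 type 3 code 4, RFC 1191) or "Packet Too Big" (ICMPv6 type 2) that a router sends back when a DF-marked packet will not fit. Filter ICMP and that message never reaches the sender, which then keeps retransmitting a packet that is silently dropped. The following is an added example, not code from the thread or from any of its participants: it builds and parses such messages from constructed bytes, verifies the ICMPv4 checksum, and applies the RFC 1191 plateau fallback for old routers that leave the next-hop MTU field at zero. The function and constant names (build_frag_needed_v4, parse_pmtud_message, SAMPLE_ORIGINAL, and so on) and the sample addresses are this example's own assumptions.

```python
import struct

ICMPV4_DEST_UNREACH = 3
ICMPV4_FRAG_NEEDED = 4
ICMPV6_PACKET_TOO_BIG = 2
IPV4_MIN_MTU = 68
IPV6_MIN_MTU = 1280

# RFC 1191 section 7.1 plateau table, used when a pre-RFC1191 router
# reports a next-hop MTU of zero and the host must guess downward.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def sample_original_datagram(total_length: int = 1500) -> bytes:
    """Constructed IPv4 header (DF set) plus 8 bytes of TCP, as a router
    would quote it back (RFC 1191: header + first 8 bytes of payload)."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_length, 0x1234, 0x4000, 64, 6, 0,
        bytes([192, 0, 2, 1]),      # constructed source (TEST-NET-1)
        bytes([198, 51, 100, 7]),   # constructed destination (TEST-NET-2)
    )
    return hdr + b"\x00" * 8


SAMPLE_ORIGINAL = sample_original_datagram()


def build_frag_needed_v4(next_hop_mtu: int, original: bytes) -> bytes:
    """ICMPv4 type 3 code 4 with the RFC 1191 next-hop MTU field filled in."""
    hdr = struct.pack("!BBHHH", ICMPV4_DEST_UNREACH, ICMPV4_FRAG_NEEDED,
                      0, 0, next_hop_mtu)
    body = hdr + original[:28]
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]


def build_packet_too_big_v6(mtu: int) -> bytes:
    """ICMPv6 type 2 code 0; the 32-bit MTU follows the checksum.
    Checksum left zero: ICMPv6 needs the IPv6 pseudo-header to compute it."""
    return struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu)


def next_plateau(original_length: int) -> int:
    """Largest plateau strictly below the dropped datagram's total length."""
    for p in PLATEAUS:
        if p < original_length:
            return p
    return IPV4_MIN_MTU


def parse_pmtud_message(msg: bytes, ipv6: bool = False):
    """Return the path MTU a sender should adopt, or None if msg is not a
    usable 'too big' message (wrong type, bad checksum, absurd MTU)."""
    if len(msg) < 8:
        return None
    typ, code = struct.unpack("!BB", msg[:2])
    if ipv6:
        # Assumes the caller already verified the ICMPv6 checksum, which
        # cannot be checked without the enclosing IPv6 header.
        if typ != ICMPV6_PACKET_TOO_BIG or code != 0:
            return None
        mtu = struct.unpack("!I", msg[4:8])[0]
        return mtu if mtu >= IPV6_MIN_MTU else None
    if icmp_checksum(msg) != 0:
        return None
    if typ != ICMPV4_DEST_UNREACH or code != ICMPV4_FRAG_NEEDED:
        return None
    mtu = struct.unpack("!H", msg[6:8])[0]
    if mtu == 0:
        # Old router: derive from the quoted header's Total Length field.
        if len(msg) < 12:
            return None
        original_length = struct.unpack("!H", msg[10:12])[0]
        return next_plateau(original_length)
    return mtu if mtu >= IPV4_MIN_MTU else None
```

Running `parse_pmtud_message(build_frag_needed_v4(1400, SAMPLE_ORIGINAL))` yields 1400; with a zero MTU field the same 1500-byte original maps to the 1492 plateau. Anything that does not arrive at all, which is what an ICMP filter guarantees, yields nothing, and the sender is left to infer the black hole by timeout.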