Firewall Wizards mailing list archives
How should NAT terminate ?
From: Darren Reed <darrenr () reed wattle id au>
Date: Sat, 8 Jan 100 01:04:08 +1100 (EST)
Here's something for folks out there to have a think about.

You have your dialup PC, sitting at home, gatewaying your workstation from which you surf away on the web. Your link drops, you redial and get a new IP# for your NAT sessions. For at least some period of time, your old IP# may be black holed, or worse, allocated to another Internet user. The second case is worse because small amounts of your web session *may* leak to someone else.

Whatever the case, there is a period of time in which the original endpoints believe a connection exists, which no longer does. Should a pre-emptive strike be launched by the firewall to blow these away by doing something like sending TCP RSTs? What about for DNS/NTP queries - are ICMP unreachables appropriate?

Darren
Current thread:
- How should NAT terminate ? Darren Reed (Jan 09)
- Re: How should NAT terminate ? Mikael Olsson (Jan 10)
- Re: How should NAT terminate ? Darren Reed (Jan 12)
- Re: How should NAT terminate ? Mikael Olsson (Jan 15)
- Y2K fix for 'elm' (Was: Re: How should NAT terminate ?) Joseph S D Yao (Jan 20)
- Re: Y2K fix for 'elm' (Was: Re: How should NAT terminate ?) Darren Reed (Jan 20)
- Re: How should NAT terminate ? Darren Reed (Jan 12)
- <Possible follow-ups>
- RE: How should NAT terminate ? Ben Nagy (Jan 10)
- RE: How should NAT terminate ? Johnny Shelley (Jan 12)
- Re: How should NAT terminate ? Darren Reed (Jan 12)
- Re: How should NAT terminate ? TC Wolsey (Jan 10)
- RE: How should NAT terminate ? James R Grinter (Jan 12)