nanog mailing list archives
Re: Netflix banning HE tunnels
From: Owen DeLong <owen () delong com>
Date: Sun, 12 Jun 2016 16:47:18 -0700
On Jun 9, 2016, at 19:57 , Ricky Beam <jfbeam () gmail com> wrote: On Thu, 09 Jun 2016 21:41:05 -0400, Baldur Norddahl <baldur.norddahl () gmail com> wrote:Then he reads on NANOG that since he has IPv6 he can just connect to the camera with that.... Only to find the built-in stateful firewall blocks unsolicited inbound connections. Now he has to figure out how to manipulate ACLs. Or (more likely) he turns that "pesky firewall" off. (followed by the eventual hacking of every device he owns.) NAT may not be security, yet it's the only thing securing billions of people.
Nope… NAT Can’t be done without stateful inspection. You can stop mangling the packet headers and leave the stateful inspection in place and still have the same exact protection. I realize most people have a hard time separating NAT from stateful inspection because most people got them both in the same package at the same time. Further, most boxes implement NAT and stateful inspection in the same chunk of code making it look even more like a single transaction. However, conceptually they are two different things. Stateful inspection is what actually protects you. NAT is simply the part where you mutilate the packet header in unnatural ways. Owen
Current thread:
- Re: Netflix banning HE tunnels, (continued)
- Re: Netflix banning HE tunnels Michael Still (Jun 09)
- RE: Netflix banning HE tunnels Matthew Huff (Jun 09)
- Re: Netflix banning HE tunnels Sander Steffann (Jun 09)
- Re: Netflix banning HE tunnels Adam Rothschild (Jun 09)
- RE: Netflix banning HE tunnels Steve Mikulasik (Jun 09)
- Re: Netflix banning HE tunnels Cryptographrix (Jun 09)
- Re: Netflix banning HE tunnels Ricky Beam (Jun 09)
- Re: Netflix banning HE tunnels Mark Andrews (Jun 09)
- Re: Netflix banning HE tunnels Baldur Norddahl (Jun 09)
- Re: Netflix banning HE tunnels Ricky Beam (Jun 09)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 12)
- Re: Netflix banning HE tunnels Ricky Beam (Jun 14)
- Re: Netflix banning HE tunnels Valdis . Kletnieks (Jun 14)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 14)
- Re: Netflix banning HE tunnels Mark Milhollan (Jun 17)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 20)
- IPv6 Ingress traffic by default Jared Mauch (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Milhollan (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Andrews (Jun 20)
- Re: IPv6 Ingress traffic by default Owen DeLong (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Andrews (Jun 20)