
BLU Discuss list archive



IPv6 and Firewall traversal



On Mar 30, 2011, at 11:06 AM, Bill Bogstad wrote:
> 
> Source IP spoofing is only possible when people don't put in
> appropriate filters to disallow
> packets coming from the outside with the wrong IP address.   In a

This is a packet filtering firewall and has exactly zero to do with NAT.


> I'm not sure that I would define SPI as including automatic (or
> automatable) hole punching,

Pardon?  SPI is not about making holes.  It is about permitting inbound packets in response specifically and exclusively to outbound packets over TCP (stateful) connections.  Many NAT "routers" incorporate SPI firewalls and it is these firewalls that provide network security.  The only security that NAT alone provides is a false sense of it.

--Rich P.
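
Added example, not part of the original message: a minimal Python model of the two checks this thread distinguishes, a stateless ingress filter on source address and a stateful check that admits inbound TCP packets only as the reverse of a recorded outbound flow. The class name, the 2001:db8::/32 documentation addresses and the ports are constructed for illustration; TCP flags, sequence numbers and timeouts are not modelled, and the filter never rewrites an address.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Toy stateful packet filter for one routed (un-NATed) inside prefix."""

    def __init__(self, inside_prefix: str):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()  # outbound flows seen, keyed by normalized 4-tuple

    @staticmethod
    def _key(src, sport, dst, dport):
        # Parse addresses so differently written forms of one address match.
        return (ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport)

    def _is_inside(self, addr: str) -> bool:
        return ipaddress.ip_address(addr) in self.inside

    def outbound(self, pkt: Packet) -> str:
        # Egress filter: only sources in the inside prefix may leave.
        if not self._is_inside(pkt.src):
            return "drop: egress source not in inside prefix"
        self.flows.add(self._key(*pkt))
        return "accept"

    def inbound(self, pkt: Packet) -> str:
        # Stateless ingress filter: an outside packet cannot carry an inside source.
        if self._is_inside(pkt.src):
            return "drop: spoofed inside source"
        # Stateful check: accept only the exact reverse of a recorded outbound flow.
        if self._key(pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "accept"
        return "drop: no matching outbound flow"


if __name__ == "__main__":
    fw = StatefulFilter("2001:db8:1::/48")
    print(fw.outbound(Packet("2001:db8:1::10", 40000, "2001:db8:ffff::80", 443)))
    print(fw.inbound(Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 40000)))
    print(fw.inbound(Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 22)))
    print(fw.inbound(Packet("2001:db8:1::99", 443, "2001:db8:1::10", 40000)))
```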







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org