Vernon Schryver wrote:
> > > A NAT box can also do the wrong thing with IP fragmentation, and in more
> > > plausible scenarios than 600 byte URL's or PUT's. Consider two client
> > ...
>
> > Hmmm - is that observation in the NAT specs? If not, is it something
> > that should be addressed separately there, or in the Transparency
> > Hazards doc??
>
> As I understand your document, it's off topic.
> I understand it as "Third Party Redirection Proxies Considered Harmful."
> The bit about third party HTTP redirection proxies being based on
> replay attacks exemplifies the sense.

The only question is whether there is something similar between NATs and
transparent proxies. Maybe "modifying IP packets considered harmful".

The issue with NATs may best be added under "even within the same AD,
transparent proxies are dangerous because..."; including the IP ID and
TCP port and sequence number issues there seems on-topic. (?)

Joe