tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: stf, security and NAT traversal

On Jan 22, 2008 5:26 PM, Ignatios Souvatzis <> wrote:
> On Sat, Jan 19, 2008 at 09:48:10PM +0100, Rodolphe De Saint Leger wrote:

> Now does NAT traversal provide more security? But anyway, for the
> record:  a tunneling method for (single) machines behind NAT is
> Teredo. An implementation available to NetBSD would be net/miredo
> in pkgsrc.

The security part is not about nat. At the beginning I only search for
the nat traversal.
The other checks came after to deny some attacks.

I knew about miredo, but I do not have a single machine :)

> Hm, magic bits? Why not use an interface flag?

All link interface flags were already used, and I didn't want to break
existing 6to4 behavior.
I searched for other solutions, but it was... worse :(

> So you still need to know the external v4 address before configuration?

Yes, otherwise it won't work.

int main(int c,char**v){int b,e=(c>>24)+6,g=c==1?1:e>>4;
*d){if((e&=15)>7)putchar((b>>(e-=8))&255); d++;main(((e|
32)<<24)|(b&4095),&d);}return g<2&&c>2?main(--c,v):1;}

Home | Main Index | Thread Index | Old Index