<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    I was refering to stuff like this:<br>

<a class="moz-txt-link-freetext" href="https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/">https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/</a><br>

    <br>

    It would only be a security issue in certain cases, but if the set

    of ports was consecutive and not pseudo randomised it could reduce

    security of some applications which utilise random source ports.<br>

    <br>

    <div class="moz-cite-prefix">On 26/03/15 11:31, Sid wrote:<br>

    </div>

    <blockquote

      cite="mid:EBEA95BF-E44F-41CB-A17E-28E0D69A094D@gmail.com"

      type="cite">

      <meta http-equiv="content-type" content="text/html; charset=utf-8">

      <div>Hi Nick,</div>

      <div><br>

        On 26 Mar 2015, at 03:28, Nick Stallman <<a

          moz-do-not-send="true" href="mailto:nick@agentpoint.com">nick@agentpoint.com</a>>

        wrote:<br>

        <br>

      </div>

      <blockquote type="cite">

        <div><span>What security concerns would there be to reducing the

            source ports from 65535 to 100?</span><br>

          <span>They are usually kept pretty random for a reason aren't

            they?</span><br>

        </div>

      </blockquote>

      <div><br>

      </div>

      I guess it depends on what you want out of CGNAT. As the RFC

      linked by Scott says, you don't get better or worse security over

      a non CGNAT setup with algorithmic NAT allocation.

      <div><br>

      </div>

      <div>(That RFC again: <a moz-do-not-send="true"

          href="https://www.rfc-editor.org/rfc/rfc7422.txt">https://www.rfc-editor.org/rfc/rfc7422.txt</a> )</div>

      <div><br>

      </div>

      <div>I've never setup a CGNAT. But if it was for internet end

        users as an ISP, I can't see it being implemented for security

        reasons - only as a resource preservation mechanism. "Security"

        would just be a byproduct.</div>

      <div><br>

      </div>

      <div>If you are setting up any NAT solution specifically for some

        level of "security", then that changes things.</div>

      <div><br>

      </div>

      <div>Sid</div>

      <div>

        <blockquote type="cite">

          <div><span></span></div>

        </blockquote>

      </div>

    </blockquote>

    <br>

    <div class="moz-signature">-- <br>

      Nick Stallman<br>

      Agentpoint Pty Ltd <br>

      The Real Estate Web Developers<br>

      Melbourne | Sydney | Miami<br>

      <a class="moz-txt-link-abbreviated" href="mailto:nick@agentpoint.com">nick@agentpoint.com</a><br>

      <a class="moz-txt-link-abbreviated" href="http://www.agentpoint.com.au">www.agentpoint.com.au</a> | <a class="moz-txt-link-abbreviated" href="http://www.zooproperty.com">www.zooproperty.com</a> | <a class="moz-txt-link-abbreviated" href="http://www.ginga.com.au">www.ginga.com.au</a> |

      <a class="moz-txt-link-abbreviated" href="http://www.business2.com.au">www.business2.com.au</a><br>

      <br>

      Business2.com.au is a real estate agent information website that

      helps you understand Portals, Technology and comes with FREE tools

      to help your Agency become an online success!</div>

  </body>

</html>