[AusNOG] IPv4 Exhaustion date changed to December.
Dobbins, Roland
rdobbins at arbor.net
Tue Jun 22 16:18:33 EST 2010
On Jun 22, 2010, at 6:37 AM, Mark Andrews wrote:
> NAT vs encapsulation is about equal cost in the CPE device.
Yes - they both maintain an undesirable and extremely dangerous amount of state, making the devices and the networks/notes/users behind them considerably more vulnerable to either deliberate or inadvertent DDoS, due to state-table exhaustion.
NAT and encapsulation are both evil things from the standpoint of opsec, not to mention complexity/troubleshooting, et. al. Unfortunately, we're going to see more and more of them deployed, and without any attempt to harden/protect them against attack.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the AusNOG
mailing list