[E-Lang] Getting around NAT

Tyler Close tjclose@yahoo.com
Sat, 8 Dec 2001 12:18:11 -0400


On Sat, Dec 08, 2001 at 03:51:40PM +0000, Ben Laurie wrote:
> Tyler Close wrote:
> > 
> > I was wondering if there are any networking gurus here who might know
> > why the preferred methods for extending the IPv4 address space are
> > NAT for now, and IPv6 for later, as opposed to using the Loose Source
> > Routing already present in IPv4. Specifically, it seems like it would
> > be natural to have a NAT-like box between a local 10.*.*.* network
> > and the open internet that put the IPv4 address of the NAT-like box in
> > the source address of the IP datagram and put the local, originating
> > 10.*.*.* address in the reverse route of the Loose Source Routing option.
> > When this NAT-like box received a return IP datagram, this local
> > 10.*.*.* address would be the next address in the Loose Source Route
> > specified by the return IP datagram. The NAT-like box would then
> > forward this IP datagram to the local network, as is specified by the IP
> > protocol. In this way, you would get an effective address length of 32 + 24.
> > I don't see why this technique couldn't be applied recursively to get an
> > unlimited addressing length. Essentially, the Loose Source Route is used
> > to address entities in dependent address spaces.
> 
> Source Routing is general disabled because it can be used to crack (by
> doing exactly what you just described) :-)

It's only 'cracking' if the NAT-like box is serving double duty as both an 
address extender and a firewall but doesn't know it (and so fails as a firewall).

Is it because of a cracker label that this existing technology was overlooked
when the IP address shortage problem was being worked on? I'd be amazed to find
out that the reason for introducing a new and incompatible technology at the
base of the internet was to make up for a bug in some firewall implementations.

Tyler

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com