[e2e] 100% NAT - a DoS proof internet

Saikat Guha saikat at cs.cornell.edu
Wed Feb 22 09:05:20 PST 2006

On Wed, 2006-02-22 at 07:39 -0800, Joe Touch wrote:
> Saikat Guha wrote:
> > there is a service that allows you
> > somehow publish your IP address and port
> Let's say that place is behind a NAT. Then *it* needs to similarly
> publish its address and port.

or, this address and port may be hard-coded into clients as is the case
with the DNS root servers. Alternatively, if DNS is around, the address
and port can be published there. In any event, yes, this service needs
to be publicly accessible.

> The DNS is part of the IP architecture. The service above must be
> OUTSIDE the NAT architecture.

Just as DNS is useless unless clients know the _IP_ of the root, a
NAT'ed Internet is useless unless the clients can publicly reach the
rendezvous. You cannot reach the DNS root using DNS, and you cannot
reach the rendezvous that requires a rendezvous.

I don't understand your distinction for considering one inside, and the
other outside the respective architectures.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20060222/44ca1295/attachment.bin

More information about the end2end-interest mailing list