Re: [shara] port randomization (draft-ymbk-aplusp-03)

"Jan Zorz @ go6.si" <jan@go6.si> Tue, 17 March 2009 13:13 UTC

mohamed.boucadair@orange-ftgroup.com wrote:
> Dear Jan,
>  
> What does it mean to offload the DNS resolving to the core?
>  
> Cheers,
> Med 
Mohamed, hi.

If I may, I would copy/paste Remi Despres's text from one of the emails 
on this list:

"In principle, running a DNS cache on the NAT/address-sharing box could solve 
this. DNS would be proxied at the application layer, and so port randomization 
could be achieved properly by the box. Unfortunately, some "box" vendors 
probably do not want to have to provide a DNS cache."


This idea seems to be a fair trade... but it depends on the vendors' will to 
implement it. Personally, I see no reason why a vendor would refuse to do it, 
as it solves and answers a lot more questions than it creates.

Thank you, Jan Zorz
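
The application-layer proxying described in the quoted text, sketched as an added example that is not part of the original message or of any vendor's code: the box re-originates each client query from its own CSPRNG-chosen source port and DNS ID, and accepts only a reply that matches both. The port pool, the function names and the single-query, no-cache design are assumptions made for illustration.

```python
import math
import secrets
import socket
import time

# Constructed assumption: the source ports the sharing box may use itself.
BOX_PORT_POOL = range(20000, 60000)

def guess_space_bits(pool_size: int) -> float:
    """Bits an off-path spoofer must guess: source port plus 16-bit DNS ID."""
    return math.log2(pool_size) + 16

def open_random_port(pool=BOX_PORT_POOL, bind_addr="0.0.0.0", attempts=32):
    """Bind a fresh UDP socket to a CSPRNG-chosen port from the pool."""
    for _ in range(attempts):
        port = pool[secrets.randbelow(len(pool))]
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((bind_addr, port))
            return sock
        except OSError:  # port already in use: draw again
            sock.close()
    raise RuntimeError("no free port found in pool")

def proxy_query(client_query: bytes, upstream, pool=BOX_PORT_POOL, timeout=2.0):
    """Forward one query to upstream (an (ip, port) tuple with an IP literal).

    The client's source port and ID never reach the upstream resolver;
    the box picks both, so the randomization is the box's own.
    """
    if len(client_query) < 12:
        raise ValueError("shorter than a DNS header")
    client_id, box_id = client_query[:2], secrets.token_bytes(2)
    deadline = time.monotonic() + timeout
    with open_random_port(pool) as sock:
        sock.sendto(box_id + client_query[2:], upstream)
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise TimeoutError("no valid reply from upstream")
            sock.settimeout(remaining)
            reply, src = sock.recvfrom(4096)
            # Drop anything not from the upstream or carrying the wrong ID.
            if src == upstream and len(reply) >= 12 and reply[:2] == box_id:
                return client_id + reply[2:]  # restore the client's ID
```

A real deployment would add the cache the quoted text mentions and TCP fallback; the sketch covers only the per-query port and ID handling.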