Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 11:32:23 -0400
  • Message-id: <4C8A4F87.4010602@xxxxxxxxxx>
Brian K. White wrote:
Build some sort of checksum into the base protocols so that *real* NAT (proxies would still be possible, and that's just fine) would not be possible without breaking the checksum, and thus ensure that no machine anywhere can spoof it's activities.

That already happens with authentication headers in IPSec VPNs. Any tampering of the header, including NAT, corrupts it. So, NAT makes this security feature impossible to use. For those who don't know what this implies, authenticated headers ensure the data comes from where it claims and has not been tampered with.

http://en.wikipedia.org/wiki/Authentication_Header##Authentication_Header

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups