Brian K. White wrote:
Build some sort of checksum into the base protocols so that *real* NAT (proxies would still be possible, and that's just fine) would not be possible without breaking the checksum, and thus ensure that no machine anywhere can spoof it's activities.
That already happens with authentication headers in IPSec VPNs. Any tampering of the header, including NAT, corrupts it. So, NAT makes this security feature impossible to use. For those who don't know what this implies, authenticated headers ensure the data comes from where it claims and has not been tampered with. http://en.wikipedia.org/wiki/Authentication_Header##Authentication_Header -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org