[e2e] 100% NAT - a DoS proof internet
David P. Reed
dpreed at reed.com
Tue Feb 21 09:04:24 PST 2006
alok wrote:
>Any chances that NATs will no longer be stateful?
>
>
The danger is the other direction - every vendor and his brother wants
to put state into the relay nodes (routers, firewalls) because they
think that blocking communications is the route to power (for their
version of "good") over the Internet. The current craze in
"communications economics" is the argument that no sustainable business
model can support deployment of expensive routers unless those routers
decode and understand every bit of every packet and determine how much
to charge for each bit.
"If only we can block all choice in communications, everybody will be
perfectly safe" is how I paraphrase (in admittedly hyperbolic form)
about 99% of the security "experts" on the planet already. And now we
have the self-described "economics experts" suggesting blocking as a way
to build revenues.
This is a vicious recursive cycle, because more stateful inspection and
analysis just increases the investment and adds points of vulnerability
to "attack". So it seems inevitable that we will end up with the
perfect, 100% unconnected Internet of 2010. (innovation also goes out
the window, but I think the mere trend towards disconnection has already
pushed most of the innovators away, because they look farther down the
road and see the problems).