I have made a test build of the FireBrick with RFC3514 support in it. Firewall rules can test for the evil bit set or unset, and can cause the evil bit to be set on the session so that, for example, NATted sessions can have the evil bit set.
Yes, it is a bit of fun, and I may put it in a production release one day (perhaps next April). However, a semi-serious suggestion has been made (by Ray Bellis) that this could be done on CGNAT systems, allowing both ends to know that they are working via some sort of NAT, or some other system mangling headers, on the way. The bit gets set on replies on the session as well for this reason.
The concept is that where a device tries IPv4 and IPv6 at the same time, and gets replies, it can tell from the replies that the IPv4 is being mangled and prefer the IPv6 even if apparently slower to reply.
So now, not only do we all know NAT is evil, but we can have the evil bit actually tell us that :-)
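The dual-stack check described above, sketched as an added example (not FireBrick code and not part of the original post): it reads the RFC 3514 bit, the high-order bit of the IPv4 flags/fragment-offset field, from a reply header and prefers IPv6 when the IPv4 reply is marked. The function names, the round-trip-time inputs and the selection policy are assumptions, and the sample headers are constructed.

```python
import struct

# RFC 3514: the "evil bit" is the high-order (reserved) bit of the 16-bit
# flags/fragment-offset field, at byte offset 6 of the IPv4 header.
EVIL_BIT = 0x8000


def build_ipv4_header(src: bytes, dst: bytes, evil: bool = False) -> bytes:
    """Constructed sample data: a minimal 20-byte IPv4 header (checksum left 0)."""
    flags_frag = EVIL_BIT if evil else 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, flags_frag,
                       64, 6, 0, src, dst)


def evil_bit_set(header: bytes) -> bool:
    """Return True if the reserved flag bit is set in an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_frag,) = struct.unpack_from("!H", header, 6)
    return bool(flags_frag & EVIL_BIT)


def choose_family(v4_reply, v4_rtt_ms, v6_rtt_ms):
    """Hypothetical client policy for the idea in the post.

    v4_reply is the raw IPv4 header of the reply (None if no reply);
    v6_rtt_ms is None if IPv6 did not answer.
    """
    if v4_reply is None and v6_rtt_ms is None:
        return None
    if v6_rtt_ms is None:
        return "ipv4"          # only IPv4 works, marked or not
    if v4_reply is None:
        return "ipv6"
    if evil_bit_set(v4_reply):
        return "ipv6"          # IPv4 path is mangled: prefer IPv6 even if slower
    return "ipv4" if v4_rtt_ms < v6_rtt_ms else "ipv6"


if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    marked = build_ipv4_header(src, dst, evil=True)
    print(choose_family(marked, 10, 40))
```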
niiiiiiice!
I like it