If you are NAT'd the port number MAY offer you no protection.
There are NATs which attempt to preserve port numbers and
actually do a pretty good job of doing that.

If you are NAT'd the NAT MAY provide protection for nameservers
that do not randomize their source ports by randomising the
source port as a side effect of the NAT process.

There are also NATs which serialize the ports and NATs
which only emit one port and potentially serialize the qid
as well.

The only thing you can say about NATs is that, because there is
no standard, they can be doing ANYTHING to the queries. This
is one of the reasons NATs are an abomination that people
should be working to remove as soon as possible.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org
--
to unsubscribe send a message to namedroppe...@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
I agree with you that there is a difference. The problem
of course is that you often don't know that an ALG is also
installed in the NAT box.

You generally buy a NAT (router in some markets) and have
no idea of what's inside as the vendors don't give you
enough details. You are also often not in a position to
see the traffic on both sides as the upstream may be a
cable/DSL modem and not Ethernet.
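The NAT behaviours listed in the first message (preserving, randomising, serialising, single port) can be told apart by comparing the source ports a resolver chose with the ports seen beyond the NAT. The sketch below is an added example, not part of either post; it assumes the outside ports were recorded at an external vantage point you control, and the function names, thresholds and sample ports are constructed for illustration.

```python
# Added example: classify what a NAT did to DNS query source ports.
# MAX_STEP and MATCH_RATIO are assumed thresholds, not values from a standard.
MAX_STEP = 16       # largest increment still treated as "next port in sequence"
MATCH_RATIO = 0.9   # fraction of samples that must agree to call a pattern


def port_pattern(ports):
    """Return 'single', 'sequential' or 'scattered' for one port sequence."""
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    if len(set(ports)) == 1:
        return "single"
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    near = sum(1 for d in deltas if 0 < d <= MAX_STEP)
    return "sequential" if near >= MATCH_RATIO * len(deltas) else "scattered"


def classify_nat(inside, outside):
    """Compare ports the resolver chose (inside) with ports seen past the NAT.

    Both lists must describe the same queries in the same order.
    'scattered' only means no obvious pattern; it is not proof of randomness.
    """
    if len(inside) != len(outside):
        raise ValueError("inside and outside samples must be paired")
    same = sum(1 for i, o in zip(inside, outside) if i == o)
    preserved = same >= MATCH_RATIO * len(inside)
    seen = port_pattern(outside)
    return {
        "nat": "preserves ports" if preserved else "rewrites ports",
        "inside": port_pattern(inside),
        "outside": seen,
        # What an off-path attacker faces is the outside pattern only.
        "exposed": seen != "scattered",
    }


# Constructed sample data (not captured traffic).
SCATTER = [40213, 1187, 58804, 23319, 61002, 9954, 33671, 47120, 15068, 52733]
FIXED = [32768] * 10               # resolver that never varies its port
SERIAL = list(range(1024, 1034))   # NAT handing out ports in order

if __name__ == "__main__":
    for name, ins, outs in [("NAT randomises for a fixed-port resolver", FIXED, SCATTER),
                            ("NAT serialises a randomising resolver", SCATTER, SERIAL),
                            ("NAT preserves ports", SCATTER, SCATTER),
                            ("NAT emits one port", SCATTER, [61000] * 10)]:
        print(name, classify_nat(ins, outs))
```
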