Re: [SLUG] Brandon Area Broadband

From: Levi Bard (levi@bard.sytes.net)
Date: Mon May 19 2003 - 09:10:53 EDT


> I don't know what the state of the art in Linux firewalling is these days,
> but OpenBSD (for example) has a few features that are quite useful for
> hiding the fact that you're performing NAT for a home network. In theory,
> there's no reason a NAT device should be detectable at all with proper
> countermeasures.

Actually, with NAT, there's really no way to detect that a machine/network
is even on/connected, except for the sniffing of outgoing traffic. IMO,
Linux NAT has caught up to OpenBSD's, although iptables and [i]pf/ipnat
are still syntactically disparate.

> Of course, if somebody is sniffing your IP and sees 6 different browser
> ID strings referencing different operating systems in various HTTP
> connections, they might start to think something's up...
> I have always ignored silly restrictions on connecting multiple machines.
> I pay for the pipe, and refuse to be nickel-and-dimed for "extras" that
> cost the provider little or nothing. If anything, they should be grateful
> for NAT boxes that reduce their need for public IP address space.

Hear, hear! It actually costs them LESS if you don't register an IP for
every machine. Of course, they miss out on the opportunity to make their
300% profit margin.

Levi


