I have made a test build of the FireBrick with RFC3514 support in it. Firewall rules can test for the evil bit set or unset, and can cause the evil bit to be set on the session so that, for example, NATted sessions can have the evil bit set.
Yes, a bit of fun - and I may put it in a production release one day (perhaps next April). However, it has been made as a semi-serious suggestion (by Ray Bellis) that this could be done on CGNAT systems, allowing both ends to know that they are working via some sort of NAT or other header-mangling system on the way. The bit gets set on replies on the session as well for this reason.
The concept is that where a device tries IPv4 and IPv6 at the same time, and gets replies, it can tell from the replies that the IPv4 is being mangled and prefer the IPv6 even if apparently slower to reply.
So now, not only do we all know NAT is evil, but we can have the evil bit actually tell us that :-)
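A sketch of the receiving side of that idea, added here as an example and not FireBrick code: it reads the RFC 3514 bit (the high-order bit of the IPv4 flags/fragment-offset field) from a reply and lets a marked IPv4 path lose to IPv6 even when IPv4 answered faster. The function names, the sample headers and the lowest-RTT fallback for unmarked paths are assumptions.

```python
import struct

EVIL_BIT = 0x8000  # RFC 3514: high-order (reserved) bit of the flags/fragment-offset field


def ipv4_checksum(header: bytes) -> int:
    """Standard Internet checksum over the header (checksum field included)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def evil_bit_set(packet: bytes) -> bool:
    """Return True if the IPv4 header in `packet` carries the evil bit."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    return bool(flags_frag & EVIL_BIT)


def prefer_family(v4_reply: bytes, v4_rtt_ms: float, v6_rtt_ms: float) -> str:
    """Hypothetical policy: a marked IPv4 path loses to IPv6 regardless of RTT."""
    if evil_bit_set(v4_reply):
        return "ipv6"
    # Assumption: with no marking seen, fall back to the faster reply.
    return "ipv4" if v4_rtt_ms < v6_rtt_ms else "ipv6"


def build_header(evil: bool) -> bytes:
    """Constructed sample: 20-byte IPv4/TCP header between documentation addresses."""
    flags_frag = 0x4000 | (EVIL_BIT if evil else 0)  # DF, plus evil bit if requested
    fields = [0x45, 0, 40, 0x1234, flags_frag, 64, 6, 0,
              bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]
```

A device that rewrites the flags field must also recompute the header checksum, which is why the parser rejects a header whose checksum does not verify.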
niiiiiiice!
I like it