"NATs, PATs, and Network Hygiene"
Episode Synopsis
While reading a research paper on address spoofing from 2019, I ran into this on NAT (really PAT) failures—
In the first failure mode, the NAT simply forwards the packets with the spoofed source address (the victim) intact … In the second failure mode, the NAT rewrites the source address to the NAT’s publicly routable address, and forwards the packet to the amplifier. When the server replies, the NAT system does the inverse translation of the source address, expecting to deliver the packet to an internal system. However, because the mapping is between two routable addresses external to the NAT, the packet is routed by the NAT towards the victim.
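The two failure modes quoted above, modelled as a small simulation. This is an added example, not code from the paper or the podcast. The class, mode names, ports and addresses are assumptions made for illustration, and the "validated" mode is an added contrast case: a NAT that drops inside-interface packets whose source is not in the inside prefix.

```python
import ipaddress

# All addresses are constructed documentation/private ranges.
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # hosts behind the NAT
NAT_PUBLIC = "203.0.113.1"                       # NAT's routable address
SERVER = "198.51.100.53"                         # external server (the "amplifier")
SPOOFED = "192.0.2.7"                            # routable address outside the NAT

class Nat:
    def __init__(self, mode):
        self.mode = mode        # "intact", "rewrite_any" or "validated"
        self.table = {}         # public port -> (original source ip, port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """Packet from the inside interface -> packet sent outside, or None."""
        if ipaddress.ip_address(src) not in INSIDE:
            if self.mode == "validated":
                return None                      # source check: drop
            if self.mode == "intact":
                return (src, sport, dst, dport)  # failure mode 1
            # "rewrite_any" falls through: failure mode 2
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src, sport)
        return (NAT_PUBLIC, port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Reply on the outside interface -> (side it is routed to, packet)."""
        if dst != NAT_PUBLIC or dport not in self.table:
            return None
        ip, port = self.table[dport]             # inverse translation
        side = "inside" if ipaddress.ip_address(ip) in INSIDE else "outside"
        return side, (src, sport, ip, port)

def trace(mode, src):
    """Send one packet with source `src` from inside; say where the reply goes."""
    nat = Nat(mode)
    out = nat.outbound(src, 5353, SERVER, 53)
    if out is None:
        return "dropped at NAT"
    seen_src, seen_port = out[0], out[1]
    if seen_src != NAT_PUBLIC:                   # server answers the source it saw
        return f"reply sent directly to {seen_src}"
    side, pkt = nat.inbound(SERVER, 53, seen_src, seen_port)
    return f"reply routed {side} to {pkt[2]}"

if __name__ == "__main__":
    for mode in ("intact", "rewrite_any", "validated"):
        print(f"{mode:12} {trace(mode, SPOOFED)}")
```

In the "rewrite_any" case the translation table holds a mapping between two routable addresses, which is why the inverse translation sends the reply back out rather than to an internal host.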