On 16 December 2015 at 13:01, Alexey Eromenko <al4321(_at_)gmail(_dot_)com>
wrote:
We can't defend vs Mangling devices fully, sadly. (without encryption)
What if data-mangling device (NAT), changes port, and re-computes new
good checksum on it... ?
Server will accept a valid-data of a packet, that doesn't belong to the
Being self-centered bastard I don't care about NAT or other devices
which intentionally mangle packets. Protecting against them is not
priority to me. If the data mangling happens in Internet core, it
affects everyone, it's priority that those issues are recognised at
the next hop, so that it's easy to identify which node mangled it.
It's WAY smaller problem domain when you're faced with 'there are some
mangled packets' when everyone who complains happens to behind
specific NAT box. Compared to if it's some tier1 router is silently
mangling, complaints can come anywhere in the world, triangulating
that to one specific router in the world is slow and expensive (i.e.
not gonna happen).
--
++ytti