From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <032901c38784$13291c40$b9844051@insultant.net>
From: "boyd, rounin"
To: <9fans@cse.psu.edu>
References: <92f848eb1b18661062ea870639204301@caldo.demon.co.uk>
Subject: Re: [9fans] NAT
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Date: Tue, 30 Sep 2003 20:52:58 +0200
Topicbox-Message-UUID: 59123a12-eacc-11e9-9e20-41e7f4b1d025

i think it's a terrible idea. NAT'd UDP really requires state
and that's what TCP is (roughly). but the port space is too
small and with UDP you have no idea for how long to wait
or if the datagram will come back, so you're open to a denial
of service attack (the T's can be on the inside too).

i've seen DNS's refuse UDP requests, which have been NAT'd,
'cos they don't come from port 53 -- argh ...
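
A small model of the state problem raised in the message above, added here as an example and not part of the original post or of any Plan 9 code. It shows a UDP mapping table that can only free state by idle timer, how one inside host can fill the external port pool, and how a per-host cap keeps room for others; the class, addresses, pool size and timeout are constructed assumptions.

```python
# Added illustration: toy NAT UDP mapping table. All names and values are hypothetical.

class UdpNat:
    def __init__(self, ports, idle_timeout, per_host_cap=None):
        self.free = list(ports)           # external ports available for new mappings
        self.idle_timeout = idle_timeout  # UDP has no FIN/RST, so only a timer frees state
        self.per_host_cap = per_host_cap  # optional mitigation: max mappings per inside host
        self.table = {}                   # (inside_ip, inside_port) -> [ext_port, last_seen]

    def expire(self, now):
        """Return ports to the pool for flows idle for at least idle_timeout."""
        for flow, (port, seen) in list(self.table.items()):
            if now - seen >= self.idle_timeout:
                del self.table[flow]
                self.free.append(port)

    def outbound(self, inside_ip, inside_port, now):
        """Return the external port for this flow, or None if the NAT has to drop it."""
        self.expire(now)
        flow = (inside_ip, inside_port)
        if flow in self.table:            # existing mapping: refresh its timer
            self.table[flow][1] = now
            return self.table[flow][0]
        held = sum(1 for ip, _ in self.table if ip == inside_ip)
        if self.per_host_cap is not None and held >= self.per_host_cap:
            return None                   # this host is over its share
        if not self.free:
            return None                   # pool exhausted: every inside host is affected
        port = self.free.pop()
        self.table[flow] = [port, now]
        return port


def run(per_host_cap):
    """Constructed scenario: one busy inside host, then a second host sends one datagram."""
    nat = UdpNat(ports=range(40000, 40008), idle_timeout=30, per_host_cap=per_host_cap)
    for sport in range(5000, 5020):                  # 20 flows from 10.0.0.5 at t=0
        nat.outbound("10.0.0.5", sport, now=0)
    early = nat.outbound("10.0.0.9", 1234, now=1)    # before any mapping can time out
    late = nat.outbound("10.0.0.9", 1234, now=31)    # after the idle mappings expired
    return early, late


if __name__ == "__main__":
    print("no cap:      ", run(None))  # second host is dropped until the timer fires
    print("cap 4 / host:", run(4))     # second host still gets a mapping
```

The timeout is the awkward knob: too long and dead mappings hold ports, too short and a slow reply arrives after its mapping is gone.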