Network address translators: effects on security protocols and applications in the TCP/IP stack

Jia-Ning Luo Jia-Ning Luo,Fu-Shen Ho Fu-Shen Ho,Shiuh-Pyng Shieh Shiuh-Pyng Shieh,Yu-Lun Huang Yu-Lun Huang

doi:10.1109/4236.895015

Jia-Ning Luo Jia-Ning Luo, Fu-Shen Ho Fu-Shen Ho + Show 2 more

Open Access

https://doi.org/10.1109/4236.895015

Copy DOI

Abstract

One proposed method for mitigating the address shortage problem in IPv4 is to use network address translators (NATs) to allow address reuse. The basic idea is to transparently map a wide set of private network addresses and corresponding TCP/UDP ports to a small set of globally unique public network addresses and ports. NAT devices provide a way to handle IP address depletion incrementally, without changing hosts and routers, until more long-term approaches like IPv6 can be implemented. Existing Internet security protocols must be re-examined, however, to see how they function within this new network environment. We begin with a description of the four NAT environments and a discussion of their limitations. We then examine the relationships between NAT devices and popular Internet security protocols and applications at each layer of the TCP/IP stack to see if they can survive with NAT devices.

Full Text