North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: RFC1918 addresses to permit in for VPN?
- From: John Fraizer
- Date: Sun Dec 31 16:54:31 2000
On Sun, 31 Dec 2000, Stephen Stuart wrote:
>
> > No, but putting your car on a private road that you need to circumvent
> > several roadblocks to reach IS a pretty good deterrent to its being in an
> > accident.
>
> I doubt the roadblocks are anything serious in most cases; if all
> you're doing is RFC1918 addressing, then source-routing on the
> attacker's side can probably make your box theirs in short order. Most
> people of this ilk I've encountered think so highly of RFC1918
> addressing as a security measure that they blindly assume no other
> precautions are necessary. I would hope that no-one on this list would
> stoop to *that* level of stupidity. Presenting a "security by
> obscurity" argument is bad enough.
>
> Stephen
>
>
Blocking source-routed packets at the borders will stop this in short
order, except for those of you who peer with people who require "loose
source routing". (Randy, I believe it was Verio that required this, am I
mistaken?)
---
John Fraizer
EnterZone, Inc
|
