North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: RFC1918 addresses to permit in for VPN?
- From: Jason Lewis
- Date: Sun Dec 31 17:05:06 2000
I am a little lost as to what the real argument is.....
Don't use RFC1918 addresses on public networks.
or
Don't use RFC1918 addresses on as a security measure.
I don't use RF1918 address on public networks, but I do use them on my
backend systems and at some level I consider it a security measure. Those
backend machines don't have access to the Internet and the private
addressing helps ensure that is true. Is my thinking flawed?
jas
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Stephen Stuart
Sent: Sunday, December 31, 2000 4:41 PM
To: Derek J. Balling
Cc: nanog@merit.edu
Subject: Re: RFC1918 addresses to permit in for VPN?
> No, but putting your car on a private road that you need to circumvent
> several roadblocks to reach IS a pretty good deterrent to its being in an
> accident.
I doubt the roadblocks are anything serious in most cases; if all
you're doing is RFC1918 addressing, then source-routing on the
attacker's side can probably make your box theirs in short order. Most
people of this ilk I've encountered think so highly of RFC1918
addressing as a security measure that they blindly assume no other
precautions are necessary. I would hope that no-one on this list would
stoop to *that* level of stupidity. Presenting a "security by
obscurity" argument is bad enough.
Stephen
|
