North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RFC1918 addresses to permit in for VPN?

  • From: John Fraizer
  • Date: Sun Dec 31 16:54:31 2000

On Sun, 31 Dec 2000, Stephen Stuart wrote:

> > No, but putting your car on a private road that you need to circumvent
> > several roadblocks to reach IS a pretty good deterrent to its being in an
> > accident.
> I doubt the roadblocks are anything serious in most cases; if all
> you're doing is RFC1918 addressing, then source-routing on the
> attacker's side can probably make your box theirs in short order. Most
> people of this ilk I've encountered think so highly of RFC1918
> addressing as a security measure that they blindly assume no other
> precautions are necessary. I would hope that no-one on this list would
> stoop to *that* level of stupidity. Presenting a "security by
> obscurity" argument is bad enough.
> Stephen

Blocking source-routed packets at the borders will stop this in short
order, except for those of you who peer with people who require "loose
source routing".  (Randy, I believe it was Verio that required this, am I

John Fraizer
EnterZone, Inc