North American Network Operators Group


RE: RFC1918 addresses to permit in for VPN?

  • From: Jason Lewis
  • Date: Sun Dec 31 17:05:06 2000

I am a little lost as to what the real argument is.....

Don't use RFC1918 addresses on public networks.
or
Don't use RFC1918 addresses as a security measure.

I don't use RFC1918 addresses on public networks, but I do use them on my
backend systems and at some level I consider it a security measure.  Those
backend machines don't have access to the Internet and the private
addressing helps ensure that is true.  Is my thinking flawed?

jas



-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of
Stephen Stuart
Sent: Sunday, December 31, 2000 4:41 PM
To: Derek J. Balling
Cc: [email protected]
Subject: Re: RFC1918 addresses to permit in for VPN?



> No, but putting your car on a private road that you need to circumvent
> several roadblocks to reach IS a pretty good deterrent to its being in an
> accident.

I doubt the roadblocks are anything serious in most cases; if all
you're doing is RFC1918 addressing, then source-routing on the
attacker's side can probably make your box theirs in short order. Most
people of this ilk I've encountered think so highly of RFC1918
addressing as a security measure that they blindly assume no other
precautions are necessary. I would hope that no-one on this list would
stoop to *that* level of stupidity. Presenting a "security by
obscurity" argument is bad enough.

Stephen
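
The source-routing point raised in the quoted message, shown from the filtering side as an added example that is not part of either message: a border check that parses the IPv4 header options defined in RFC 791 and drops anything carrying a loose or strict source-route option, noting when a listed hop or the destination is an RFC1918 address. The function names, the policy and the sample packets are assumptions constructed for illustration.

```python
from ipaddress import IPv4Address, ip_network

LSRR, SSRR, EOL, NOP = 131, 137, 0, 1   # IPv4 option types, RFC 791
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_route(packet: bytes):
    """Return (kind, hops) for an LSRR/SSRR option in the IPv4 header, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= (packet[0] & 15) * 4 <= len(packet):
        raise ValueError("bad IPv4 header")
    ihl = (packet[0] & 15) * 4              # header length in bytes
    opts, i = packet[20:ihl], 0
    while i < len(opts) and opts[i] != EOL:
        if opts[i] == NOP:                  # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        kind, length = opts[i], opts[i + 1]
        if kind in (LSRR, SSRR):
            data = opts[i + 3:i + length]   # skip type, length, pointer
            hops = [IPv4Address(data[j:j + 4]) for j in range(0, len(data) - 3, 4)]
            return ("LSRR" if kind == LSRR else "SSRR"), hops
        i += length
    return None

def border_verdict(packet: bytes) -> str:
    """Hypothetical border policy: drop malformed or source-routed packets."""
    try:
        found = source_route(packet)
    except ValueError:
        return "drop: malformed header"
    if found is None:
        return "pass"
    kind, hops = found
    dst = IPv4Address(packet[16:20])
    private = [str(a) for a in hops + [dst] if any(a in n for n in RFC1918)]
    return f"drop: {kind} option" + (f", private hop {private[0]}" if private else "")

def make_packet(src, dst, options=b""):
    """Build a constructed header-only IPv4 packet (checksum left at 0)."""
    options += bytes(-len(options) % 4)     # pad with EOL to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return (bytes([0x40 | ihl, 0, 0, 20 + len(options), 0, 0, 0, 0, 64, 6, 0, 0])
            + IPv4Address(src).packed + IPv4Address(dst).packed + options)

# Constructed samples: documentation addresses outside, 10.1.2.3 as the backend hop.
PLAIN = make_packet("198.51.100.7", "203.0.113.10")
ROUTED = make_packet("198.51.100.7", "203.0.113.1", bytes([LSRR, 7, 4, 10, 1, 2, 3]))
```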