North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RFC1918 addresses to permit in for VPN?

  • From: Bill Woodcock
  • Date: Sun Dec 31 17:11:56 2000

      On Sun, 31 Dec 2000, John Fraizer wrote:
    > Blocking source-routed packets at the borders will stop this in short
    > order

If we're talking about people with enough clue to know to block
source-routed packets, we're presumably also talking about people with
enough clue to not rely on security-by-obscurity in the first place.

Of course 1918 space has its place.  One of my customers has more than a
million wind turbines, each with its own IP address for management.  No
way in hell I'd tell them to use real address space for that.  But they
aren't relying upon the coincidence of a different address space to
provide some kind of false sense of security.  No, they have a _firewall_
like sensible people, which _throws away_ the packets they don't want to
see.

                                -Bill