|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RFC1918 addresses to permit in for VPN?
> Using RFC1918 space also gets you an IP range where the outside world has > no route to it -- Sorry, but no packets are not getting there, ergo no way > to hack. > > Assuming various things that should be standard procedure -- dynamic NAT > as opposed to static, blocking source routing, etc. Blocking source routing should not be standard procedure; as I stated earlier, source routing is much more valuable to me as a debugging tool than RFC1918 addressing is as a "security" tool. > At that point, just by use of simple routing, you've effectively > eliminated 100% of attacks from the outside, and you only have to worry > about inside. The front door is secure, now work on the back door. 100%, huh? You sure must feel safe, then. Good for you! It's a nice feeling when you have it. Stephen
|