Educause Security Discussion mailing list archives

Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 1 May 2007 08:14:11 -0400

On Mon, 30 Apr 2007 10:38:11 EDT, Clifford Collins said:

> Doesn't this assume that our routers are configured correctly and that
> there are no bugs in the vendor's routing code that would allow exploitation?
> I don't want to appear overly paranoid but, as the "security guy" I'm
> expected to deal with an imperfect world.

If your routers aren't properly configured to route the subnets of 10/8
that you're actually using, security is the least of your problems. :)

> I would rather find a way to actively route all traffic from the unassigned
> subnets to something I can use to detect the presence of rogue devices.

Sane routing protocols do a longest-match. So you just inject all your
*proper* 10.1.1/24 and 10.1.2/24 and other actual subnets - and then inject
a route for 10/8 that lists your Snort sensor as "next-hop" :)
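The longest-match behaviour described in this reply, worked through as an added example that is not part of the thread. The routing table, the subnet addresses and the sensor address (10.255.255.254) are all constructed for illustration; the point is that the specific /24 routes win over the 10/8 catch-all, so only traffic to unassigned 10-space ends up at the sensor.

```python
import ipaddress

# Hypothetical sensor address; any destination with no more specific
# route is forwarded here so the sensor can see it.
SENSOR = "10.255.255.254"

# Constructed routing table (not from the post). The "proper" subnets get
# their real gateways; 10/8 as a whole points at the sensor.
ROUTES = {
    "10.1.1.0/24": "10.1.1.1",         # assigned subnet, normal gateway
    "10.1.2.0/24": "10.1.2.1",         # assigned subnet, normal gateway
    "10.255.255.0/24": "10.255.255.1", # the sensor's own subnet also needs a specific route
    "10.0.0.0/8": SENSOR,              # everything else in 10-space -> sensor
}


def build_table(routes):
    """Parse the prefixes and order them longest prefix first, so a linear
    scan returns the most specific covering route (what a router does)."""
    table = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, dst):
    """Longest-match lookup: next hop for dst, or None if no route covers it."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop in table:
        if addr in net:
            return next_hop
    return None


def classify(table, dst):
    """'assigned' if a specific route wins, 'sinkhole' if dst falls through
    to the 10/8 catch-all (i.e. lands on the sensor), 'unrouted' otherwise."""
    next_hop = lookup(table, dst)
    if next_hop is None:
        return "unrouted"
    return "sinkhole" if next_hop == SENSOR else "assigned"


def sinkholed(table, flows):
    """From (src, dst) pairs, keep the ones whose destination is unassigned
    10-space; these are the flows the sensor will actually observe."""
    return [(src, dst) for src, dst in flows if classify(table, dst) == "sinkhole"]


# Constructed sample flows: one to an assigned subnet, one to unassigned
# 10-space, one outside 10/8 entirely.
FLOWS = [
    ("10.1.1.50", "10.1.2.7"),
    ("10.1.1.50", "10.9.9.9"),
    ("10.1.1.50", "192.0.2.1"),
]

if __name__ == "__main__":
    table = build_table(ROUTES)
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: {classify(table, dst)} via {lookup(table, dst)}")
```

The scan over a prefix-length-sorted list is the simplest correct longest-match; a real router uses a trie, but the outcome is the same. Note the extra specific route for the sensor's own subnet: without it, reaching the sensor's next hop would itself depend on the catch-all.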
