nanog mailing list archives
Re: RFC1918 addresses to permit in for VPN?
From: John Fraizer <nanog () EnterZone Net>
Date: Sun, 31 Dec 2000 16:51:43 -0500 (EST)
On Sun, 31 Dec 2000, Stephen Stuart wrote:
No, but putting your car on a private road that you need to circumvent several roadblocks to reach IS a pretty good deterrent to its being in an accident.I doubt the roadblocks are anything serious in most cases; if all you're doing is RFC1918 addressing, then source-routing on the attacker's side can probably make your box theirs in short order. Most people of this ilk I've encountered think so highly of RFC1918 addressing as a security measure that they blindly assume no other precautions are necessary. I would hope that no-one on this list would stoop to *that* level of stupidity. Presenting a "security by obscurity" argument is bad enough. Stephen
Blocking source-routed packets at the borders will stop this in short order, except for those of you who peer with people who require "loose source routing". (Randy, I believe it was Verio that required this, am I mistaken?) --- John Fraizer EnterZone, Inc
Current thread:
- Re: RFC1918 addresses to permit in for VPN?, (continued)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Simon Lyall (Dec 29)
- RE: RFC1918 addresses to permit in for VPN? Deron J. Ringen (Dec 29)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Geoffrey Zinderdine (Dec 29)
- Re: RFC1918 addresses to permit in for VPN? Bill Fumerola (Dec 30)
- RE: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Derek J. Balling (Dec 31)
- RE: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Bill Woodcock (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Mark Mentovai (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? John Hawkinson (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Dana Hudes (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)