nanog mailing list archives

RE: RFC1918 addresses to permit in for VPN?

From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Sun, 31 Dec 2000 16:59:36 -0500


I am a little lost as to what the real argument is.....

Don't use RFC1918 addresses on public networks.
or
Don't use RFC1918 addresses on as a security measure.

I don't use RF1918 address on public networks, but I do use them on my
backend systems and at some level I consider it a security measure.  Those
backend machines don't have access to the Internet and the private
addressing helps ensure that is true.  Is my thinking flawed?

jas



-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Stephen Stuart
Sent: Sunday, December 31, 2000 4:41 PM
To: Derek J. Balling
Cc: nanog () merit edu
Subject: Re: RFC1918 addresses to permit in for VPN?

No, but putting your car on a private road that you need to circumvent
several roadblocks to reach IS a pretty good deterrent to its being in an
accident.


I doubt the roadblocks are anything serious in most cases; if all
you're doing is RFC1918 addressing, then source-routing on the
attacker's side can probably make your box theirs in short order. Most
people of this ilk I've encountered think so highly of RFC1918
addressing as a security measure that they blindly assume no other
precautions are necessary. I would hope that no-one on this list would
stoop to *that* level of stupidity. Presenting a "security by
obscurity" argument is bad enough.

Stephen

Current thread:

Re: RFC1918 addresses to permit in for VPN?, (continued)
- - - Re: RFC1918 addresses to permit in for VPN? Bill Woodcock (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Mark Mentovai (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Randy Bush (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? John Hawkinson (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Dana Hudes (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
    - RE: RFC1918 addresses to permit in for VPN? Jason Lewis (Dec 31)
    - Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Dec 31)
    - RE: RFC1918 addresses to permit in for VPN? Bill Woodcock (Dec 31)
- Re: RFC1918 addresses to permit in for VPN? Danny McPherson (Dec 29)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Dec 29)
  - Re: RFC1918 addresses to permit in for VPN? Adam Rothschild (Dec 30)
    - Re: RFC1918 addresses to permit in for VPN? Steve Sobol (Dec 30)
- Re: RFC1918 addresses to permit in for VPN? Richard A. Steenbergen (Dec 30)
- RE: RFC1918 addresses to permit in for VPN? Richard A. Steenbergen (Dec 31)