nanog mailing list archives

Re: RFC1918 addresses to permit in for VPN?


From: Bill Woodcock <woody () zocalo net>
Date: Sun, 31 Dec 2000 14:03:56 -0800 (PST)


On Sun, 31 Dec 2000, John Fraizer wrote:
> Blocking source-routed packets at the borders will stop this in short
> order

If we're talking about people with enough clue to know to block
source-routed packets, we're presumably also talking about people with
enough clue to not rely on security-by-obscurity in the first place.

Of course 1918 space has its place.  One of my customers has more than a
million wind turbines, each with its own IP address for management.  No
way in hell I'd tell them to use real address space for that.  But they
aren't relying upon the coincidence of a different address space to
provide some kind of false sense of security.  No, they have a _firewall_
like sensible people, which _throws away_ the packets they don't want to
see.

                                -Bill




