Re: RFC1918 addresses to permit in for VPN?

[Andrew Brown <twofsonet () graffiti com>]

>   Because private addresses have no global meaning, routing information
>   about private networks shall not be propagated on inter-enterprise
>   links, and packets with private source or destination addresses
>   should not be forwarded across such links.
>
> so any isp which lets the outside world see a packet with a source in 1918
> space is in direct violation of 1918.

...which is not the same as "any isp which allows the outside world to
send it a packet with a source in 1918 space is in direct violation of
1918".

my feeling is that if you're going to use 1918 space as backbone space
(which i would never do, but many people do do), you should do your
best to make sure that no one sees that those addresses are being
used.  not in the interest of security, mind you, but rather since
there are other problems with letting people see your dirty laundry.
i merely pointed out bt as a particularly egregious (in my eyes)
offender of that tenet.

my opinion, of course.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."