nanog mailing list archives

Re: RFC1918 addresses to permit in for VPN?


From: Stephen Griffin <stephen.griffin () rcn com>
Date: Tue, 2 Jan 2001 23:51:33 -0500 (EST)


In the referenced message, Deron J. Ringen said:
Using RFC1918 space also gets you an IP range where the outside world has
no route to it -- Sorry, but no packets are not getting there, ergo no way
to hack.
.
.
At that point, just by use of simple routing, you've effectively
eliminated 100% of attacks from the outside, and you only have to worry
about inside.  The front door is secure, now work on the back door.

I know that this thread has escalated unrestrained, however this is the
original point that I attempted to make.

...djr...

LSR notwithstanding, anyone directly connected to you can devise
their own routing via static routes. Anyone on your own network
doesn't need to (assuming they're defaulted). rfc1918 is merely an illusion.
If you're taking care of the "inside", you've already added the security
which rfc1918 isn't providing. This is the point that I believe many others
are trying to make. Security through obscurity is no security at all.

Stephen
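
An added example, not part of the original message: a sketch of an edge-filter decision that does not rely on RFC1918 space being unroutable, dropping packets that arrive from outside carrying a source-route option (LSRR/SSRR) or an RFC1918 address. The interface labels `external`/`internal`, the helper names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}  # IPv4 option types (RFC 791)

def source_route_option(header: bytes):
    """Return 'LSRR'/'SSRR' if the IPv4 header carries a source-route option, else None."""
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    i = 20                                # options start after the fixed header
    while i < min(ihl, len(header)):
        opt = header[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation, single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE_OPTS:
            return SOURCE_ROUTE_OPTS[opt]
        if i + 1 >= len(header) or header[i + 1] < 2:
            break                         # malformed option length, stop parsing
        i += header[i + 1]
    return None

def edge_verdict(header: bytes, ingress: str) -> str:
    """Decide what an edge filter should do with a packet seen on `ingress` (hypothetical labels)."""
    src = ipaddress.ip_address(header[12:16])
    dst = ipaddress.ip_address(header[16:20])
    if ingress != "external":
        return "accept"                   # inside traffic is handled by other controls
    sr = source_route_option(header)
    if sr:
        return f"drop: {sr} option"
    if any(dst in n for n in RFC1918):    # a neighbor's static route can deliver this
        return "drop: RFC1918 destination from outside"
    if any(src in n for n in RFC1918):
        return "drop: RFC1918 source from outside"
    return "accept"

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header for the checks above (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + options
```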

