nanog mailing list archives
Re: Why is RFC1918 space in public DNS evil?
From: Jim Mercer <jim () reptiles org>
Date: Mon, 18 Sep 2006 08:55:47 -0400
On Mon, Sep 18, 2006 at 08:36:44AM -0400, Daniel Senie wrote:
> At 04:33 AM 9/18/2006, Jim Mercer wrote:
> > if the hosts inside the VPN can only be accessed by hostnames served up inside the VPN, then it is more likely the users can be confident that their data is actually traversing the VPN. it works, or it don't.
>
> Or, the user's computer is still caching information. Internet Explorer does this, and other browsers may as well. I keep a link to a script on my Windows desktop labelled "Flush DNS" and wind up using it often. If the user is accessing sites across the VPN, and as another poster writes the VPN drops, packets containing juicy, private information could well leak out in places people didn't intend. As risks go, this might not be too severe in many cases, but if you were doing a security assessment for sarbox or HIPAA, would you consider it safe? Do the remote sites indeed have filters blocking traffic to/from RFC1918 space that doesn't traverse the VPN?

maybe put some null routes on the PCs for the blocks, and have them overridden when the VPN comes up. could be done as part of the install of the VPN software/config?

--
[ Jim Mercer  jim () reptiles org  +971 50 436-3874 ]
[ I want to live forever, or die trying. ]
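
An added illustration of the null-route suggestion above (not part of the original post): a small longest-prefix-match model showing where a packet to an inside host ends up in each state of the client. The VPN prefix 10.20.0.0/16, the host addresses and the next-hop labels are constructed for the example.

```python
import ipaddress

# RFC1918 blocks that get a static null route on the client.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed for this example: the prefix the VPN client installs when it connects.
VPN_PREFIX = "10.20.0.0/16"


def lookup(routes, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_table(null_routes, vpn_up):
    """Client routing table for a given configuration and VPN state."""
    routes = [("0.0.0.0/0", "isp-gateway")]          # ordinary default route
    if null_routes:
        routes += [(p, "blackhole") for p in RFC1918]  # installed with the VPN software
    if vpn_up:
        routes.append((VPN_PREFIX, "vpn-tunnel"))     # more specific, so it wins
    return routes


def fate(dst, null_routes, vpn_up):
    """Where a packet to dst is sent: isp-gateway, blackhole or vpn-tunnel."""
    return lookup(build_table(null_routes, vpn_up), dst)


if __name__ == "__main__":
    inside_host = "10.20.1.5"  # constructed address of a host behind the VPN
    for null_routes in (False, True):
        for vpn_up in (True, False):
            print(f"null_routes={null_routes!s:5} vpn_up={vpn_up!s:5} -> "
                  f"{fate(inside_host, null_routes, vpn_up)}")
```

The override relies on the VPN route being more specific than the null route; if the VPN installs a route with the same prefix length as a null route, which one wins depends on route metrics, which this model does not cover.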