nanog mailing list archives

Re: Arguing against using public IP space


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sun, 13 Nov 2011 16:42:16 +0000


On Nov 13, 2011, at 10:36 PM, Jason Lewis wrote:

> I don't want to start a flame war, but this article seems flawed to me.

The real issue is interconnecting SCADA systems to publicly-routed networks, not the choice of potentially routable 
space vs. RFC1918 space for SCADA networks, per se.  If I've an RFC1918-addressed SCADA network which is interconnected 
to a publicly-routed- and -accessible network, then an attacker can work to compromise a host on the 
publicly-accessible network and then jump from there to the RFC1918 SCADA network. 

> I think I could announce private IP space, so doesn't that make this argument invalid?

Most networks, except those which haven't implemented the most basic BCPs, wouldn't accept your announcements of 
RFC1918 or otherwise-reserved space.  It's likely that your peers/upstreams wouldn't accept them in the first place, 
much less propagate them.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde
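
The inbound filtering referred to in the reply above, sketched as an added example that is not part of the original post: a check that rejects announcements falling inside, or covering, RFC1918 and other reserved IPv4 space. The function names, the reserved-block list and the sample updates are assumptions constructed for illustration, not any particular router's or operator's policy.

```python
import ipaddress

# RFC1918 plus other reserved IPv4 blocks (illustrative list, not exhaustive).
RESERVED = [
    ("10.0.0.0/8", "RFC1918"), ("172.16.0.0/12", "RFC1918"),
    ("192.168.0.0/16", "RFC1918"), ("0.0.0.0/8", "this network"),
    ("100.64.0.0/10", "shared address space"), ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"), ("192.0.2.0/24", "documentation"),
    ("198.18.0.0/15", "benchmarking"), ("198.51.100.0/24", "documentation"),
    ("203.0.113.0/24", "documentation"), ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved"),
]
RESERVED_NETS = [(ipaddress.ip_network(p), why) for p, why in RESERVED]


def check_announcement(prefix):
    """Return (accept, reason) for one inbound IPv4 prefix announcement."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if net.version != 4:
        return False, "not IPv4 (out of scope for this sketch)"
    for bogon, why in RESERVED_NETS:
        # More-specifics of reserved space, e.g. 10.20.0.0/16.
        if net.subnet_of(bogon):
            return False, f"inside {bogon} ({why})"
        # Aggregates that swallow reserved space, e.g. 8.0.0.0/6.
        if bogon.subnet_of(net):
            return False, f"covers {bogon} ({why})"
    return True, "ok"


def filter_updates(updates):
    """Split (peer, prefix) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for peer, prefix in updates:
        ok, reason = check_announcement(prefix)
        (accepted if ok else rejected).append((peer, prefix, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample updates; peer labels use private-use/documentation ASNs.
    sample = [("AS64500", "8.8.8.0/24"), ("AS64501", "10.20.0.0/16"),
              ("AS64501", "192.168.0.0/16"), ("AS64502", "8.0.0.0/6")]
    accepted, rejected = filter_updates(sample)
    for row in rejected:
        print("REJECT", *row)
```
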


