nanog mailing list archives
Re: Common operational misconceptions
From: Ridwan Sami <rms2176 () columbia edu>
Date: Thu, 16 Feb 2012 21:35:03 -0500
End user devices will not benefit from end-to-end connectivity (e.g., globally routable IPv4 addresses as opposed to being in an RFC1918 space behind NAT).
If I have a wildcard DNS record, *.example.edu AAAA 2001:db8::5, then adding in an explicit record, x.example.edu AAAA 2001:db8::5, will make no visible difference.
There is no legitimate reason for a user to use BitTorrent (someone will probably disagree with this).
Our organization is not running out of IPv4 addresses so we don't need IPv6. (Similarly: Our organization is running out of IPv4 addresses so that's why we need IPv6.)
I can't use IPv6 because I still need to serve IPv4 clients.
Any IP that starts with 192 is a private IP and any IP that starts with 169 is a self-assigned.
Authentication by client IP address alone is sufficient.
Long passwords requiring letters, numbers, and symbols with a no-repeat policy and a 90-day maximum password age are very secure.
+1 for "We should drop all ICMP(v6) traffic." (Related: "I can't ping the box so it must be down.")
+1 for "NAT is security".
Regarding "DNS only uses UDP", I give out a technical test during interviews and one of the questions is basically "Use iptables to block incoming DNS traffic" and all applicants so far have only blocked UDP port 53.
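
The "DNS only uses UDP" item above, as an added example that is not part of the original post: a shell function that reads a ruleset in iptables-save format and reports which transports on port 53 have no DROP or REJECT rule in the INPUT chain. The function name and both sample rulesets are constructed for illustration, and the check ignores rule ordering and multiport matches.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ruleset for DNS blocking.
# DNS uses both UDP and TCP on port 53, so a rule for UDP alone is incomplete.

# dns_unblocked_protocols (hypothetical helper name): reads iptables-save
# output on stdin and prints the protocols (udp, tcp) for which no INPUT rule
# drops or rejects destination port 53. Simplification: rule order, earlier
# ACCEPT rules and "-m multiport" matches are not evaluated.
dns_unblocked_protocols() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; port = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (port == "53" && (target == "DROP" || target == "REJECT"))
                blocked[proto] = 1
        }
        END {
            out = ""
            if (!("udp" in blocked)) out = out "udp "
            if (!("tcp" in blocked)) out = out "tcp "
            sub(/ $/, "", out)
            print out
        }
    '
}

# Constructed sample: the incomplete answer described in the post (UDP only).
RULES_UDP_ONLY='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j DROP
COMMIT'

# Constructed sample: both transports covered.
RULES_BOTH='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j DROP
-A INPUT -p tcp -m tcp --dport 53 -j DROP
COMMIT'

printf 'UDP-only ruleset still admits: %s\n' \
    "$(printf '%s\n' "$RULES_UDP_ONLY" | dns_unblocked_protocols)"
printf 'UDP+TCP ruleset still admits: %s\n' \
    "$(printf '%s\n' "$RULES_BOTH" | dns_unblocked_protocols)"
```

On a live host the same function can be fed from `iptables-save`, which requires root.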