Educause Security Discussion mailing list archives

Re: Large edu's doing NAT campus wide?


From: Clifford Collins <Collinsc () FRANKLIN EDU>
Date: Mon, 30 Apr 2007 09:37:25 -0400

Perhaps what I'm about to say should be forked to another discussion. Unlike the subject title, we are a small edu 
doing NAT using the large 10.0.0.0 private address block. As a result, I have the joy of scanning a large, empty space 
on a regular basis. This is a royal pain in the scanner.
 
Am I wasting my time empirically verifying that our routers and switches aren't servicing rogue devices in the vastness 
of 16.7 million possible addresses? Should I only be concerned with the few dozen class C blocks we have assigned for 
official use? How do you deal with patrolling the alleys of your network?
 
Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

Joe St Sauver <joe () OREGON UOREGON EDU> 4/28/2007 8:06 PM >>>
Hi,

Is anyone aware of a study of large edu's who are doing NAT
campus wide?

I know the universal answer machine (aka Google) probably knows,
but my Google-foo is failing me on this one.

Assuming the problem is actually that no one has done a study 
of this so far, I'd also be delighted to hear about any noteworthy
individual campus examples which folks may happen to know about. 

Thanks,

Joe St Sauver (joe () oregon uoregon edu)
http://www.uoregon.edu/~joe/
