Educause Security Discussion mailing list archives
Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?
From: Buz Dale <buz.dale () USG EDU>
Date: Mon, 30 Apr 2007 10:04:27 -0400
Maybe instead of using the whole 10.0.0.0 you only route the smaller class "c"s that are assigned. Then you could drop anything to or from the address ranges that aren't assigned.

Luck,
Buz

On 4/30/07, Glenn Forbes Fleming Larratt <gl89 () cornell edu> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Might you optimize your process by polling your router infrastructure for live ARP entries, and only scanning those?

- --
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Mon, 30 Apr 2007, Clifford Collins wrote:

> Perhaps what I'm about to say should be forked to another discussion.
> Unlike the subject title, we are a small edu doing NAT using the large
> 10.0.0.0 private address block. As a result, I have the joy of scanning
> a large, empty space on a regular basis. This is a royal pain in the
> scanner.
>
> Am I wasting my time empirically verifying that our routers and switches
> aren't servicing rogue devices in the vastness of 16.7 million possible
> addresses? Should I only be concerned with the few dozen class C blocks
> we have assigned for official use? How do you deal with patrolling the
> alleys of your network?
>
> Clifford A. Collins
> Network Security Administrator
> Franklin University
> 201 South Grant Avenue
> Columbus, Ohio 43215
> "Security is a process, not a product"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFGNfIsLyw7nZwiKgQRApeJAKCaqjzSgoIamQ2E2yJU58aWqCs4mQCgmpqz
4+MtMcFMU2HUsWERwrU7aEA=
=k76J
-----END PGP SIGNATURE-----

--
Buz Dale
buz.dale () usg edu
IT Security Specialist
1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00
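
The two suggestions in this message (limit attention to the assigned blocks, and scan only addresses with live ARP entries) combined in one triage step, as an added example that is not part of the original thread. The block list, ARP rows, router names and the `triage_arp` function are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the thread: the assigned /24 blocks and
# ARP rows (ip, mac, router) as they might be collected from the routers.
ASSIGNED = ["10.1.10.0/24", "10.1.20.0/24", "10.40.5.0/24"]
ARP_ROWS = [
    ("10.1.10.15", "00:11:22:33:44:55", "core-rtr1"),
    ("10.1.20.7", "00:11:22:33:44:66", "core-rtr1"),
    ("10.1.20.7", "00:11:22:33:44:66", "core-rtr2"),   # same host, second router
    ("10.200.3.9", "02:00:00:00:00:01", "bldg-rtr4"),  # live, but in unassigned 10-space
    ("incomplete", "00:00:00:00:00:00", "core-rtr2"),  # malformed row
]


def triage_arp(assigned, arp_rows):
    """Split live ARP entries into scan targets and out-of-range sightings."""
    nets = [ipaddress.ip_network(n) for n in assigned]
    targets = set()    # live hosts inside assigned blocks: scan these
    unassigned = {}    # live hosts outside them: ip -> {(mac, router), ...}
    malformed = []     # rows whose address field did not parse
    for ip_text, mac, router in arp_rows:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            malformed.append((ip_text, mac, router))
            continue
        if any(ip in net for net in nets):
            targets.add(ip)
        else:
            unassigned.setdefault(ip, set()).add((mac, router))
    return sorted(targets), unassigned, malformed


if __name__ == "__main__":
    targets, unassigned, malformed = triage_arp(ASSIGNED, ARP_ROWS)
    print("scan:", ", ".join(map(str, targets)))
    for ip, seen in sorted(unassigned.items()):
        for mac, router in sorted(seen):
            print(f"unassigned: {ip} {mac} via {router}")
    print("unparsed rows:", len(malformed))
```

An entry in the unassigned bucket names the router that learned it, which is where to start looking for the device.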