Re: 10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?

[Buz Dale <buz.dale () USG EDU>]

Maybe instead of using the whole 10.0.0.0 you only route the smaller
class "c"s that are assigned.  Then you could drop anything to or from
the address ranges that aren't assigned.
Luck,
Buz


On 4/30/07, Glenn Forbes Fleming Larratt <gl89 () cornell edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Might you optimize your process by polling your router infrastructure
> for live ARP entries, and only scanning those?
>
> - --
> Glenn Forbes Fleming Larratt
> Cornell University IT Security Office
>
> On Mon, 30 Apr 2007, Clifford Collins wrote:
>
> > Perhaps what I'm about to say should be forked to another discussion.
> > Unlike the subject title, we are a small edu doing NAT using the large
> > 10.0.0.0 private address block. As a result, I have the joy of scanning
> > a large, empty space on a regular basis. This is a royal pain in the
> > scanner.
> >
> > Am I wasting my time empirically verifying that our routers and switches
> > aren't servicing rogue devices in the vastness of 16.7 million possible
> > addresses? Should I only be concerned with the few dozen class C blocks
> > we have assigned for official use? How do you deal with patrolling the
> > alleys of your network?
> >
> > Clifford A. Collins
> > Network Security Administrator
> > Franklin University
> > 201 South Grant Avenue
> > Columbus, Ohio 43215
> > "Security is a process, not a product"
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
>
> iD8DBQFGNfIsLyw7nZwiKgQRApeJAKCaqjzSgoIamQ2E2yJU58aWqCs4mQCgmpqz
> 4+MtMcFMU2HUsWERwrU7aEA=
> =k76J
> -----END PGP SIGNATURE-----


--
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00