nanog mailing list archives
Re: Arguing against using public IP space
From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Sun, 13 Nov 2011 10:38:50 -0600 (CST)
On Sun, 13 Nov 2011 10:36:43 -0500, Jason Lewis <jlewis () packetnexus com> wrote;
> I don't want to start a flame war, but this article seems flawed to me.

Any article that claims a /12 is a 'class B', and a /16 is a 'Class C', is DEFINITELY 'flawed'.

> It seems an IP is an IP.

True. *BUT*, "some IP's are more equal than others", as Orwell would say.

> http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html
>
> I think I could announce private IP space, so doesn't that make this argument invalid?

You likely would have a 'rude surprise' if you actually tried it. It is an express violation of RFCs to announce routing for RFC-1918 space -outside- of your own network. In addition, virtually _every_ ASN operator has ingress filters on their border routers to block almost all traffic to RFC-1918 destinations. "Good net neighbor" operators also run egress filters that block almost all outbound traffic with RFC-1918 _source_ addresses -- things like icmp 'unreachables' are an exception.

> I've always looked at private IP space as more of a resource and management choice and not a security feature.
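
[Added example, not part of the original message or thread.] A simplified model of the border filtering described above, plus a check of the prefix sizes behind the "class B" / "class C" remark. The function names, the permit/drop policy (which treats "almost all" as "all" apart from the ICMP exception) and the sample packets are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ICMP_DEST_UNREACHABLE = 3  # ICMP type number for "destination unreachable"


def is_rfc1918(addr):
    """True if addr falls inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def border_verdict(direction, src, dst, proto="tcp", icmp_type=None):
    """Hypothetical border policy, not a real router configuration.

    direction is "ingress" (entering our network) or "egress" (leaving it).
    """
    # Ingress filter: nothing from outside may be addressed to private space.
    if direction == "ingress" and is_rfc1918(dst):
        return "drop"
    # Egress filter: private source addresses must not leak out,
    # except ICMP unreachables generated by internally numbered routers.
    if direction == "egress" and is_rfc1918(src):
        if proto == "icmp" and icmp_type == ICMP_DEST_UNREACHABLE:
            return "permit"
        return "drop"
    return "permit"


def classful_span(cidr, classful_prefix):
    """Number of classful-sized networks (/16 = class B, /24 = class C) in cidr."""
    net = ipaddress.ip_network(cidr)
    return 2 ** (classful_prefix - net.prefixlen)


# Constructed sample packets: (direction, src, dst, proto, icmp_type).
SAMPLES = [
    ("ingress", "198.51.100.7", "10.1.2.3", "tcp", None),
    ("egress", "192.168.1.5", "203.0.113.9", "udp", None),
    ("egress", "172.20.0.1", "203.0.113.9", "icmp", ICMP_DEST_UNREACHABLE),
    ("ingress", "198.51.100.7", "172.32.0.1", "tcp", None),  # just outside the /12
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", border_verdict(*pkt))
    print("172.16.0.0/12 spans", classful_span("172.16.0.0/12", 16), "class B networks")
```
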