nanog mailing list archives

Re: Arguing against using public IP space


From: Jeroen van Aart <jeroen () mompl net>
Date: Mon, 14 Nov 2011 16:35:30 -0800

William Herrin wrote:
If your machine is addressed with a globally routable IP, a trivial
failure of your security apparatus leaves your machine addressable
from any other host in the entire world which wishes to send it

Isn't that the case with IPv6? That the IP is addressable from any host in the entire (IPv6) world? And isn't that considered a good thing?

I don't think that being addressable from anywhere is a security hole in and of itself. It's how you implement and (mis)configure your firewall and related things that is the (potential) security hole. Whether the IP is world addressable or not

with all your stuff. Yet when you forget to throw the deadbolt, it
does stop an intruder from simply turning the knob and wandering in.

Personally I prefer car analogies when it comes to explaining (complex) computer matters. ;-)

Greetings,
Jeroen

--
Earthquake Magnitude: 5.2
Date: Monday, November 14, 2011 22:08:15 UTC
Location: eastern Turkey
Latitude: 38.6644; Longitude: 43.0993
Depth: 10.00 km


Current thread: