[146431] in North American Network Operators' Group
Re: Arguing against using public IP space
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Nov 13 11:42:30 2011
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Network Operators' Group <nanog@nanog.org>
Date: Sun, 13 Nov 2011 16:42:16 +0000
In-Reply-To: <CA+buB7eG7z0kxh-UZgJqvE8pQqFwY3iRkS+Up7buCLqTi5Dctg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 13, 2011, at 10:36 PM, Jason Lewis wrote:
> I don't want to start a flame war, but this article seems flawed to me.
The real issue is interconnecting SCADA systems to publicly-routed
networks, not the choice of potentially routable space vs. RFC1918 space
for SCADA networks, per se. If I've an RFC1918-addressed SCADA network
which is interconnected to a publicly-routed- and -accessible network,
then an attacker can work to compromise a host on the publicly-accessible
network and then jump from there to the RFC1918 SCADA network.
> I think I could announce private IP space, so doesn't that make this argument invalid?
Most networks, except those which haven't implemented the most basic BCPs,
wouldn't accept your announcements of RFC1918 or otherwise-reserved space.
It's likely that your peers/upstreams wouldn't accept them in the first
place, much less propagate them.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
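
The inbound filtering described in the message above, sketched as an added example that is not part of the original post: a check that rejects any announced IPv4 prefix falling inside RFC1918 or other reserved space. The bogon list, function names and sample announcements are constructed for illustration; the list is a subset of the special-purpose IPv4 blocks, not a complete one.

```python
import ipaddress

# Constructed bogon list: RFC1918 space plus a subset of other
# special-purpose IPv4 blocks. Not exhaustive.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def matching_bogon(prefix):
    """Return the bogon block that contains `prefix`, or None.

    Matches the block itself and every more-specific prefix inside it.
    Raises ValueError for a malformed prefix (e.g. host bits set).
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4:
        return None  # this example only carries an IPv4 list
    for bogon in BOGONS:
        if net.subnet_of(bogon):
            return bogon
    return None

def filter_announcements(prefixes):
    """Split announced prefixes into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for prefix in prefixes:
        try:
            bogon = matching_bogon(prefix)
        except ValueError:
            rejected.append((prefix, "malformed"))
            continue
        if bogon is not None:
            rejected.append((prefix, f"inside {bogon}"))
        else:
            accepted.append(prefix)
    return accepted, rejected

# Constructed sample of prefixes received from a peer.
SAMPLE = ["10.20.0.0/16", "172.31.255.0/24", "172.32.0.0/16",
          "192.168.1.0/24", "11.0.0.0/8", "192.0.2.0/24", "10.0.0.1/8"]

if __name__ == "__main__":
    ok, dropped = filter_announcements(SAMPLE)
    print("accepted:", ok)
    for prefix, reason in dropped:
        print("rejected:", prefix, "-", reason)
```

The sample includes 172.32.0.0/16 and 11.0.0.0/8 because they sit just outside 172.16.0.0/12 and 10.0.0.0/8, the boundaries where a hand-written filter is most likely to be wrong.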