[146498] in North American Network Operators' Group


Re: Arguing against using public IP space

daemon@ATHENA.MIT.EDU (Jeroen van Aart)
Mon Nov 14 19:35:56 2011

Date: Mon, 14 Nov 2011 16:35:30 -0800
From: Jeroen van Aart <jeroen@mompl.net>
To: nanog@nanog.org
In-Reply-To: <CAP-guGUBuvpNiUEe2c_rxa8CJJr-LM1ub0zEJrwsY-H0C5JJ1Q@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

William Herrin wrote:
> If your machine is addressed with a globally routable IP, a trivial
> failure of your security apparatus leaves your machine addressable
> from any other host in the entire world which wishes to send it

Isn't that the case with IPv6? That the IP is addressable from any host 
in the entire (IPv6) world? And isn't that considered a good thing?

I don't think that being addressable from anywhere is a security hole in 
and of itself. It's how you implement and (mis)configure your firewall 
and related things that is the (potential) security hole. Whether the IP 
is world addressable or not

> with all your stuff. Yet when you forget to throw the deadbolt, it
> does stop an intruder from simply turning the knob and wandering in.

Personally I prefer car analogies when it comes to explaining (complex) 
computer matters. ;-)

Greetings,
Jeroen

-- 
Earthquake Magnitude: 5.2
Date: Monday, November 14, 2011 22:08:15 UTC
Location: eastern Turkey
Latitude: 38.6644; Longitude: 43.0993
Depth: 10.00 km

