[155004] in North American Network Operators' Group
Re: Another LTE network turns up as IPv4-only squat space + NAT
daemon@ATHENA.MIT.EDU (Måns Nilsson)
Thu Jul 19 04:50:53 2012
Date: Thu, 19 Jul 2012 10:50:02 +0200
From: Måns Nilsson <mansaxel@besserwisser.org>
To: Chuck Church <chuckchurch@gmail.com>
In-Reply-To: <009801cd6557$503c6d70$f0b54850$@gmail.com>
Cc: 'Nanog' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Subject: RE: Another LTE network turns up as IPv4-only squat space + NAT
Date: Wed, Jul 18, 2012 at 10:36:31PM -0400
Quoting Chuck Church (chuckchurch@gmail.com):
> I disagree. I see it as an extra layer of security. If DOD had a network
> with address space 'X', obviously it's not advertised to the outside. It
> never interacts with public network. Having it duplicated on the outside
> world adds an extra layer of complexity to a hacker trying to access it.
> It's not a be-all/end-all, but it's a plus. A hacker who's partially in the
> network may try to access network 'X', but it routes to the outside world,
> tripping IDSs...
Then DoD should go for using something like the v6 documentation prefix
or similar. It both is in many people's filters and (as referenced here
recently) is being used for stuff that "never" (promise! or at least not
until we change our minds) is going to need connectivity.
I do not see DoD handing back its allocations in the name of promoting
unreachability by swapping it for reusable space. It probably values
the uniqueness property of allocated space too much. And rightly so.
No, reusing somebody's prefix is A Very Bad Idea. I'm having a very hard
time believing the alleged "ok" is anything but cheap talk.
-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
The Osmonds! You are all Osmonds!! Throwing up on a freeway at dawn!!!