[30088] in North American Network Operators' Group

RE: RFC 1918

daemon@ATHENA.MIT.EDU (John Fraizer)
Fri Jul 14 19:32:35 2000

Date: Fri, 14 Jul 2000 19:05:21 -0400 (EDT)
From: John Fraizer <nanog@EnterZone.Net>
To: Jamie Rishaw <jamie.rishaw@mypotential.com>
Cc: "'Bennett Todd'" <bet@rahul.net>,
	"Gary E. Miller" <gem@rellim.com>, nanog@merit.edu
In-Reply-To: <B12B27355515D411B82300D0B744568307366A@DHARMA>
Message-ID: <Pine.LNX.4.21.0007141857300.10754-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



> 	OARnet is doing it for "security" last I talked to them (which was
> several years ago), they've been using RFC1918 on transit links for a while
> now, CIP ohio-dmz.net.
> 
> -jamie

Security? I have not, nor do I plan to, but I can think of tons of 
different points on OARnet directly and two places offnet that one could
inject packets into their network and get to those routers, 1918 addressed
or not.

Whatever happened to using good old access-lists on the router for
security and blocking traffic destined for the router itself at the
borders?  It seems to be a much better security model than using 1918
space on the routers.  Beyond that, it lets you actually have REAL
in-addr.arpa replies for the WAN interfaces in a traceroute.

Then again, being an OS-hUge activity, it is very much in character for
them to do things their own way and damn the world if they don't like it.

I'm convinced that the only thing OS-hUge breeds is prima donnas with
a worthless piece of paper that proves they wasted their money and several
years of their life.


---
John Fraizer
EnterZone, Inc
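
Added example, not part of the original message: a small Python model of the argument above, comparing transit links numbered from RFC 1918 space with no filter against publicly numbered links protected by a border access-list that drops traffic destined for the routers. All prefixes, function names and the single directly attached edge port are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration (RFC 1918 and documentation ranges).
PRIVATE_LINKS = "10.255.0.0/24"     # design A: transit links numbered from RFC 1918
PUBLIC_LINKS = "198.51.100.0/24"    # design B: transit links numbered from public space
CUSTOMERS = "203.0.113.0/24"        # customer prefix that must stay reachable


def build_border_acl(infra_prefixes):
    """Ordered ACL: deny traffic destined for router/link addresses, permit the rest."""
    acl = [("deny", ipaddress.ip_network(p)) for p in infra_prefixes]
    acl.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    return acl


def acl_action(acl, dst):
    """First-match lookup on the destination address, with an implicit deny at the end."""
    dst = ipaddress.ip_address(dst)
    for action, net in acl:
        if dst in net:
            return action
    return "deny"


def delivered(dst, internal_routes, border_acl=None):
    """True if a packet entering at a directly attached edge port reaches dst.

    It must pass the border ACL (if one is applied) and the network must carry
    a route covering the destination.
    """
    if border_acl is not None and acl_action(border_acl, dst) == "deny":
        return False
    dst = ipaddress.ip_address(dst)
    return any(dst in ipaddress.ip_network(r) for r in internal_routes)


def compare():
    """Evaluate both designs for a packet aimed at a router link address."""
    design_a = delivered("10.255.0.1", [PRIVATE_LINKS, CUSTOMERS])
    acl = build_border_acl([PUBLIC_LINKS])
    design_b = delivered("198.51.100.1", [PUBLIC_LINKS, CUSTOMERS], acl)
    customer_ok = delivered("203.0.113.10", [PUBLIC_LINKS, CUSTOMERS], acl)
    return {"A_router_reached": design_a, "B_router_reached": design_b,
            "B_customer_reached": customer_ok}


if __name__ == "__main__":
    print(compare())
```

In this model the private numbering in design A changes nothing for a packet that enters where the link prefix is routed, while the border filter in design B drops it and still passes customer traffic.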
