[33112] in North American Network Operators' Group

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: RFC1918 addresses to permit in for VPN?

daemon@ATHENA.MIT.EDU (John Fraizer)
Fri Dec 29 19:04:39 2000

Date: Fri, 29 Dec 2000 19:01:12 -0500 (EST)
From: John Fraizer <nanog@EnterZone.Net>
To: "Deron J. Ringen" <djr@eng.bellsouth.net>
Cc: Simon Lyall <simon.lyall@ihug.co.nz>, nanog@merit.edu
In-Reply-To: <NEBBLOMNADAAGMHJKLDCCECACHAA.djr@eng.bellsouth.net>
Message-ID: <Pine.LNX.4.21.0012291858580.29995-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, 29 Dec 2000, Deron J. Ringen wrote:

> 
> > -----Original Message-----
> > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> > Simon Lyall
> > Sent: Friday, December 29, 2000 3:03 PM
> > To: nanog@merit.edu
> > Subject: Re: RFC1918 addresses to permit in for VPN?
> .
> .
> > One of the companies we work with has 192.168 address for some of the
> > radius servers we have to talk to, we are directly connected to them so
> > it's not a big pain but it's just so ugly.
> .
> .
> That makes perfect sense to me...there is not a better way to protect a box
> from a DOS/hack than to only give it a private address.   Why expose a box
> to the outside world if there is not a need???

Deron,

Ever heard of an access list?  Didn't think so.

> Deron J. Ringen
> Sr. Network Architect
> BellSouth Internet Services

Typical.

---
John Fraizer
EnterZone, Inc

home	help	back	first	fref	pref	prev	next	nref	lref	last	post