[33143] in North American Network Operators' Group
Re: RFC1918 addresses to permit in for VPN?
daemon@ATHENA.MIT.EDU (Stephen Stuart)
Sun Dec 31 16:43:02 2000
Message-Id: <200012312141.eBVLf3V01775@hi.tech.org>
To: "Derek J. Balling" <dredd@megacity.org>
Cc: nanog@merit.edu
In-reply-to: Your message of "Sun, 31 Dec 2000 12:14:30 PST."
<p0501040db67543fce91f@[63.201.65.219]>
Date: Sun, 31 Dec 2000 13:41:03 -0800
From: Stephen Stuart <stuart@mfnx.net>
Errors-To: owner-nanog-outgoing@merit.edu
> No, but putting your car on a private road that you need to circumvent
> several roadblocks to reach IS a pretty good deterrent to its being in an
> accident.
I doubt the roadblocks are anything serious in most cases; if all
you're doing is RFC1918 addressing, then source-routing on the
attacker's side can probably make your box theirs in short order. Most
people of this ilk I've encountered think so highly of RFC1918
addressing as a security measure that they blindly assume no other
precautions are necessary. I would hope that no-one on this list would
stoop to *that* level of stupidity. Presenting a "security by
obscurity" argument is bad enough.
Stephen
