[33144] in North American Network Operators' Group


Re: RFC1918 addresses to permit in for VPN?

daemon@ATHENA.MIT.EDU (John Fraizer)
Sun Dec 31 16:53:48 2000

Date: Sun, 31 Dec 2000 16:51:43 -0500 (EST)
From: John Fraizer <nanog@EnterZone.Net>
To: Stephen Stuart <stuart@mfnx.net>
Cc: "Derek J. Balling" <dredd@megacity.org>, nanog@merit.edu
In-Reply-To: <200012312141.eBVLf3V01775@hi.tech.org>
Message-ID: <Pine.LNX.4.21.0012311647400.26306-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 31 Dec 2000, Stephen Stuart wrote:

> 
> > No, but putting your car on a private road that you need to circumvent
> > several roadblocks to reach IS a pretty good deterrent to its being in an
> > accident.
> 
> I doubt the roadblocks are anything serious in most cases; if all
> you're doing is RFC1918 addressing, then source-routing on the
> attacker's side can probably make your box theirs in short order. Most
> people of this ilk I've encountered think so highly of RFC1918
> addressing as a security measure that they blindly assume no other
> precautions are necessary. I would hope that no-one on this list would
> stoop to *that* level of stupidity. Presenting a "security by
> obscurity" argument is bad enough.
> 
> Stephen
> 
> 

Blocking source-routed packets at the borders will stop this in short
order, except for those of you who peer with people who require "loose
source routing".  (Randy, I believe it was Verio that required this, am I
mistaken?)


---
John Fraizer
EnterZone, Inc
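
The border check discussed in this message, as an added example that is not part of the original post: a Python sketch that walks the IPv4 options of a packet header and drops anything carrying a loose (LSRR) or strict (SSRR) source route, failing closed on malformed options. The function names and the sample headers built by `build_header` are constructed for illustration.

```python
import ipaddress
import struct

SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # RFC 791 option types


def ipv4_options(header: bytes):
    """Yield (type, data) per IPv4 option; raise ValueError if malformed."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    i = 20
    while i < ihl:
        kind = header[i]
        if kind == 0:          # End of Option List
            return
        if kind == 1:          # No-Operation: one byte, no length field
            i += 1
            continue
        if i + 1 >= ihl or header[i + 1] < 2 or i + header[i + 1] > ihl:
            raise ValueError("bad option length")
        yield kind, header[i + 2:i + header[i + 1]]
        i += header[i + 1]


def border_verdict(header: bytes):
    """Return (action, reason, hops) for a packet arriving from outside."""
    try:
        for kind, data in ipv4_options(header):
            if kind in SOURCE_ROUTE:
                # data = pointer byte followed by 4-byte route addresses
                hops = [str(ipaddress.ip_address(data[j:j + 4]))
                        for j in range(1, len(data) - 3, 4)]
                return "drop", SOURCE_ROUTE[kind], hops
    except ValueError as exc:
        return "drop", f"malformed: {exc}", []   # fail closed
    return "pass", "no source route", []


def build_header(src, dst, options=b""):
    """Constructed sample header for the demo (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options), 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options
```

The returned hop list shows why a filter on the outer destination address alone is not enough: the RFC1918 address travels inside the option data while the header's destination field holds a public address.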



