[33154] in North American Network Operators' Group


Re: RFC1918 addresses to permit in for VPN?

daemon@ATHENA.MIT.EDU (Andrew Brown)
Sun Dec 31 20:27:16 2000

Date: Sun, 31 Dec 2000 20:25:18 -0500
From: Andrew Brown <twofsonet@graffiti.com>
To: Randy Bush <randy@psg.com>
Cc: Mark Mentovai <mark-list@mentovai.com>, nanog@merit.edu
Message-ID: <20001231202518.A12170@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E14CsQI-0001XM-00@rip.psg.com>; from randy@psg.com on Sun, Dec 31, 2000 at 04:01:58PM -0800
Errors-To: owner-nanog-outgoing@merit.edu


>   Because private addresses have no global meaning, routing information
>   about private networks shall not be propagated on inter-enterprise
>   links, and packets with private source or destination addresses
>   should not be forwarded across such links.
>
>so any isp which lets the outside world see a packet with a source in 1918
>space is in direct violation of 1918.

...which is not the same as "any isp which allows the outside world to
send it a packet with a source in 1918 space is in direct violation of
1918".

my feeling is that if you're going to use 1918 space as backbone space
(which i would never do, but many people do do), you should do your
best to make sure that no one sees that those addresses are being
used.  not in the interest of security, mind you, but rather since
there are other problems with letting people see your dirty laundry.
i merely pointed out bt as a particularly egregious (in my eyes)
offender of that tenet.

my opinion, of course.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
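
Added example, not part of the original message or the NANOG thread: a small Python model of the ingress/egress distinction drawn above, showing for each direction on an inter-enterprise link which RFC 1918 rule applies and which side is the one "airing dirty laundry". The direction labels, verdict strings and sample flow records are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    """True if addr falls inside any RFC 1918 block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Verdict(NamedTuple):
    action: str   # "permit" or "drop"
    reason: str   # which RFC 1918 consideration applies

def border_filter(direction: str, src: str, dst: str) -> Verdict:
    """Decide what a border filter should do with one packet.

    direction is "egress" (leaving our network for the outside world)
    or "ingress" (arriving from the outside world).
    """
    src_priv, dst_priv = is_private(src), is_private(dst)
    if not (src_priv or dst_priv):
        return Verdict("permit", "no private addresses involved")
    if direction == "egress":
        if src_priv:
            # This is the case RFC 1918 forbids outright: our private
            # (e.g. backbone) addresses become visible to the outside.
            return Verdict("drop", "leaking our private source address")
        return Verdict("drop", "private destination has no global meaning")
    if direction == "ingress":
        if src_priv:
            # Not a violation on our part, but the packet has no valid
            # reply path, so there is no reason to accept it.
            return Verdict("drop", "private source from outside, no reply path")
        return Verdict("drop", "private destination is not reachable via this link")
    raise ValueError(f"unknown direction {direction!r}")

# Constructed sample flows: (direction, source, destination).
SAMPLE_FLOWS: List[Tuple[str, str, str]] = [
    ("egress", "10.1.2.3", "198.51.100.7"),
    ("ingress", "192.168.0.9", "203.0.113.5"),
    ("ingress", "198.51.100.7", "203.0.113.5"),
    ("egress", "203.0.113.5", "172.16.4.4"),
]

def audit(flows) -> List[Tuple[Tuple[str, str, str], Verdict]]:
    """Run every flow through the border filter and collect the verdicts."""
    return [(f, border_filter(*f)) for f in flows]

if __name__ == "__main__":
    for flow, v in audit(SAMPLE_FLOWS):
        print(f"{flow[0]:7} {flow[1]:>15} -> {flow[2]:<15} {v.action:6} {v.reason}")
```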

