[33169] in North American Network Operators' Group
Re: RFC1918 addresses to permit in for VPN?
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Mon Jan 1 06:22:12 2001
Message-ID: <00cc01c073e4$a12750e0$2f132ca1@glock>
From: "Stephen Sprunk" <ssprunk@cisco.com>
To: <mdevney@teamsphere.com>, "Stephen Stuart" <stuart@mfnx.net>
Cc: <jlewis@jasonlewis.net>, <nanog@merit.edu>
Date: Mon, 1 Jan 2001 05:18:47 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake <mdevney@teamsphere.com>
> Using RFC1918 space also gets you an IP range where the outside
> world has no route to it -- Sorry, but no packets are not getting
there,
> ergo no way to hack.
...
> At that point, just by use of simple routing, you've effectively
> eliminated 100% of attacks from the outside, and you only have to
> worry about inside. The front door is secure, now work on the back
> door.
Being convinced you're secure is the surest way to get yourself hacked.
Perfect security is impossible.
Remember, it's not paranoia when they *are* out to get you.
S
| | Stephen Sprunk, K5SSS, CCIE #3723
:|: :|: Network Design Consultant, GSOLE
:|||: :|||: New office: RCDN2 in Richardson, TX
.:|||||||:..:|||||||:. Email: ssprunk@cisco.com
