I am a little lost as to what the real argument is...

Don't use RFC1918 addresses on public networks.

or

Don't use RFC1918 addresses as a security measure.

I don't use RFC1918 addresses on public networks, but I do use them on my backend systems and at some level I consider it a security measure. Those backend machines don't have access to the Internet and the private addressing helps ensure that is true. Is my thinking flawed?

jas

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Stephen Stuart
Sent: Sunday, December 31, 2000 4:41 PM
To: Derek J. Balling
Cc: nanog@merit.edu
Subject: Re: RFC1918 addresses to permit in for VPN?

No, but putting your car on a private road that you need to circumvent several roadblocks to reach IS a pretty good deterrent to its being in an accident.
I doubt the roadblocks are anything serious in most cases; if all you're doing is RFC1918 addressing, then source-routing on the attacker's side can probably make your box theirs in short order. Most people of this ilk I've encountered think so highly of RFC1918 addressing as a security measure that they blindly assume no other precautions are necessary. I would hope that no-one on this list would stoop to *that* level of stupidity. Presenting a "security by obscurity" argument is bad enough. Stephen