nanog mailing list archives
Re: Arguing against using public IP space
From: Valdis.Kletnieks () vt edu
Date: Tue, 15 Nov 2011 13:38:52 -0500
On Tue, 15 Nov 2011 17:16:23 GMT, Leigh Porter said:
Quite right.. I bet all Iran's nuclear facilities have air gaps but they let people in with laptops and USB sticks.
And that's the point - *most* networks have so many bigger issues that the whole "NAT makes us secure" mantra is dangerous self-delusion. If you have machines in the NAT area where you're actually concerned that "ZOMG the firewall might fail and expose them", why aren't they airgapped? As the Iranians discovered, if the attacker gets a foothold inside the NAT you're screwed anyhow, and *that* is probably a lot more likely scenario than a fail-open firewall..
Attachment:
_bin
Description:
Current thread:
- RE: Arguing against using public IP space, (continued)
- RE: Arguing against using public IP space Chuck Church (Nov 13)
- Re: Arguing against using public IP space Phil Regnauld (Nov 13)
- RE: Arguing against using public IP space Chuck Church (Nov 13)
- RE: Arguing against using public IP space McCall, Gabriel (Nov 14)
- Re: Arguing against using public IP space William Herrin (Nov 14)
- Re: Arguing against using public IP space Owen DeLong (Nov 15)
- Re: Arguing against using public IP space Leigh Porter (Nov 15)
- Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
- RE: Arguing against using public IP space Chuck Church (Nov 15)
- Re: Arguing against using public IP space Leigh Porter (Nov 15)
- Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
- Re: Arguing against using public IP space William Herrin (Nov 15)
- Re: Arguing against using public IP space -Hammer- (Nov 15)
- Re: Arguing against using public IP space Cameron Byrne (Nov 15)
- Re: Arguing against using public IP space -Hammer- (Nov 15)
- Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
- Re: Arguing against using public IP space Jay Ashworth (Nov 15)
- Re: Arguing against using public IP space Owen DeLong (Nov 15)
- Re: Arguing against using public IP space Joe Greco (Nov 15)
- Re: Arguing against using public IP space Owen DeLong (Nov 15)
- Re: Arguing against using public IP space Joe Greco (Nov 15)