RE: Another LTE network turns up as IPv4-only squat space + NAT
It is not about security. It is about finding enough bits to service a 7-digit number of subs.

yi

-Original Message-
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Thursday, July 26, 2012 12:19 AM
To: NANOG list
Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT

On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:

> No, reusing somebody's prefix is A Very Bad Idea.

Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Luck is the residue of opportunity and design.
-- John Milton

This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
RE: Another LTE network turns up as IPv4-only squat space + NAT
On Mon, 20 Aug 2012, Chu, Yi [NTK] wrote:

> It is not about security. It is about finding enough bits to service a 7-digit number of subs.

IPv6 takes care of that problem quite effectively :)

If there is a major amount of gear in the network that will not support IPv6 (apply bat to vendor as appropriate), then I can understand going down the road of IPv4 + CGN, but I would consider that to be an absolute last resort. Not much upside, lots of downside.

jms

> -Original Message-
> From: Dobbins, Roland [mailto:rdobb...@arbor.net]
> Sent: Thursday, July 26, 2012 12:19 AM
> To: NANOG list
> Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT
>
> On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:
>
>> No, reusing somebody's prefix is A Very Bad Idea.
>
> Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.
>
> ---
> Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
>
> Luck is the residue of opportunity and design.
> -- John Milton
Re: Another LTE network turns up as IPv4-only squat space + NAT
On 7/18/12 6:24 PM, Andrey Khomyakov wrote:

> So some comments on the intertubes claim that DoD ok'd use of its unadvertized space on private networks. Is there any official reference that may support this statement that anyone of you have seen out there?

The ARPANET prefix (10/8) was returned to IANA circa 1990; it's now RFC 1918. Everything else is urban myth.

> --Andrey
Re: Another LTE network turns up as IPv4-only squat space + NAT
On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:

> No, reusing somebody's prefix is A Very Bad Idea.

Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Luck is the residue of opportunity and design.
-- John Milton
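
Added example (not part of the original thread or any poster's code): a Python audit of an internal address plan that labels each prefix as reserved, held by the operator, or squat, and lists which public destinations the squat prefixes make unreachable from inside, which is the reachability cost raised above. The function names are hypothetical, and the documentation prefixes 198.51.100.0/24 and 203.0.113.0/24 are constructed stand-ins for "our allocation" and "someone else's allocation".

```python
import ipaddress

# Ranges any operator may use internally without colliding with an allocation.
RESERVED_INTERNAL = {
    "rfc1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "rfc6598-cgn": ["100.64.0.0/10"],  # shared address space for carrier-grade NAT
}

def classify(prefix, owned):
    """Label an internal prefix: a reserved range name, 'owned', or 'squat'."""
    net = ipaddress.ip_network(prefix)
    for label, ranges in RESERVED_INTERNAL.items():
        if any(net.subnet_of(ipaddress.ip_network(r)) for r in ranges):
            return label
    if any(net.subnet_of(ipaddress.ip_network(o)) for o in owned):
        return "owned"
    # Public-range space the operator does not hold: it collides with
    # whoever legitimately holds (or will later advertise) it.
    return "squat"

def shadowed(destinations, internal_prefixes, owned):
    """Destinations subscribers cannot reach because a squatted internal
    prefix covers them, so traffic stays inside instead of going out."""
    squats = [ipaddress.ip_network(p) for p in internal_prefixes
              if classify(p, owned) == "squat"]
    return [d for d in destinations
            if any(ipaddress.ip_address(d) in s for s in squats)]

# Constructed sample data (documentation prefixes used as stand-ins).
OWNED = ["198.51.100.0/24"]                # assumed: the operator's allocation
INTERNAL = ["10.20.0.0/16", "100.64.8.0/22",
            "198.51.100.128/25", "203.0.113.0/24"]
DESTS = ["203.0.113.25", "198.51.100.200", "192.0.2.7"]

if __name__ == "__main__":
    for p in INTERNAL:
        print(f"{p:20} {classify(p, OWNED)}")
    print("unreachable from inside:", shadowed(DESTS, INTERNAL, OWNED))
```

A prefix that only partly overlaps a reserved range (for example a /7 covering 10/8 and 11/8) is reported as squat, since part of it lies in allocatable space.
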
Re: Another LTE network turns up as IPv4-only squat space + NAT
Subject: RE: Another LTE network turns up as IPv4-only squat space + NAT
Date: Wed, Jul 18, 2012 at 10:36:31PM -0400
Quoting Chuck Church (chuckchu...@gmail.com):

> I disagree. I see it as an extra layer of security. If DOD had a network with address space 'X', obviously it's not advertised to the outside. It never interacts with public network. Having it duplicated on the outside world adds an extra layer of complexity to a hacker trying to access it. It's not a be-all/end-all, but it's a plus. A hacker who's partially in the network may try to access network 'X', but it routes to the outside world, tripping IDSs...

Then DoD should go for using something like the v6 documentation prefix or similar. It both is in many people's filters and (as referenced here recently) is being used for stuff that never (promise! or at least not until we change our minds) is going to need connectivity.

I do not see DoD handing back its allocations in the name of promoting unreachability by swapping it for reusable space. It probably values the uniqueness property of allocated space too much. And rightly so.

No, reusing somebody's prefix is A Very Bad Idea. I'm having a very hard time believing the alleged ok is anything but cheap talk.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668

The Osmonds! You are all Osmonds!! Throwing up on a freeway at dawn!!!
Re: Another LTE network turns up as IPv4-only squat space + NAT
On Wed, Jul 18, 2012 at 10:36:31PM -0400, Chuck Church wrote:

> I disagree. I see it as an extra layer of security. If DOD had a network with address space 'X', obviously it's not advertised to the outside. It never interacts with public network. Having it duplicated on the outside
     ---
> world adds an extra layer of complexity to a hacker trying to access it. It's not a be-all/end-all, but it's a plus. A hacker who's partially in the network may try to access network 'X', but it routes to the outside world, tripping IDSs...
>
> Chuck

Never is a -very- long time. That said, -IF- DoD did authorize another party/contractor to utilize some DoD address blocks, it's not clear if that LOA would be public.

/bill
Re: Another LTE network turns up as IPv4-only squat space + NAT
So some comments on the intertubes claim that DoD ok'd use of its unadvertized space on private networks. Is there any official reference that may support this statement that anyone of you have seen out there?

--Andrey
Re: Another LTE network turns up as IPv4-only squat space + NAT
Even if they did OK it (which I doubt), actually using it - especially in a public/customer facing / visible deployment - is a Bad Idea.

*Traceability fail and possibly creating unreachable networks out there ...*

/TJ

On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote:

> So some comments on the intertubes claim that DoD ok'd use of its unadvertized space on private networks. Is there any official reference that may support this statement that anyone of you have seen out there?
>
> --Andrey
Re: Another LTE network turns up as IPv4-only squat space + NAT
I am on Sprint and my IP is always in the 20. net even though my WAN IP is totally different.

Grant

On Wednesday, July 18, 2012, TJ wrote:

> Even if they did OK it (which I doubt), actually using it - especially in a public/customer facing / visible deployment - is a Bad Idea.
>
> *Traceability fail and possibly creating unreachable networks out there ...*
>
> /TJ
>
> On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote:
>
>> So some comments on the intertubes claim that DoD ok'd use of its unadvertized space on private networks. Is there any official reference that may support this statement that anyone of you have seen out there?
>>
>> --Andrey
RE: Another LTE network turns up as IPv4-only squat space + NAT
I disagree. I see it as an extra layer of security. If DOD had a network with address space 'X', obviously it's not advertised to the outside. It never interacts with public network. Having it duplicated on the outside world adds an extra layer of complexity to a hacker trying to access it. It's not a be-all/end-all, but it's a plus. A hacker who's partially in the network may try to access network 'X', but it routes to the outside world, tripping IDSs...

Chuck

-Original Message-
From: TJ [mailto:trej...@gmail.com]
Sent: Wednesday, July 18, 2012 9:36 PM
To: Andrey Khomyakov
Cc: Nanog
Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT

Even if they did OK it (which I doubt), actually using it - especially in a public/customer facing / visible deployment - is a Bad Idea.

*Traceability fail and possibly creating unreachable networks out there ...*

/TJ

On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote:

> So some comments on the intertubes claim that DoD ok'd use of its unadvertized space on private networks. Is there any official reference that may support this statement that anyone of you have seen out there?
>
> --Andrey
Another LTE network turns up as IPv4-only squat space + NAT
FYI

http://www.dslreports.com/forum/r27324698-LTE-access-early-

So much for next generation technology ...

CB
Re: Another LTE network turns up as IPv4-only squat space + NAT
On Jul 17, 2012 7:54 PM, Cameron Byrne cb.li...@gmail.com wrote:

> FYI
>
> http://www.dslreports.com/forum/r27324698-LTE-access-early-
>
> So much for next generation technology ...

No IPv6, and using duplicate IPv4 space. #sigh #fail

/TJ
Re: Another LTE network turns up as IPv4-only squat space + NAT
On Tue, 17 Jul 2012, Cameron Byrne wrote:

> FYI
>
> http://www.dslreports.com/forum/r27324698-LTE-access-early-

Short-sighted and foolish. Shame on you, Sprint.

jms