[ppml] IPv6 flawed?
Behm, Jeffrey L.
BehmJL at bv.com
Thu Sep 13 14:42:26 EDT 2007
Another data point to consider:
On Thursday, September 13, 2007 1:15 PM, Kevin Kargel said:
>If I want a private section of it all I
>have to do is set an access list for it in my edge routers denying
>traffic for that subnet in or out of my network. Voila, I have a
>private network.
>
Not a private network, just a public network that is firewalled...read
on.
>Then I have the added advantage that if I ever need temporary access to
>the world for an internal box (let's say I want to update patches) all
I
>have to do is punch a temporary hole in the access list. No setting up
>NAT, no renumbering, nothing fancy at all, it just instantly works.
Similarly, if your admin *accidentally* (they're human, right?) punches
a not-so-temporary hole to that so-called private network, then your
private network isn't private anymore. If it was private, ala rfc1918,
then it wouldn't be such a big deal as opening up a non-rfc1918 address
(range?), which the rest of the Internet would then be able to access.
Jeff
More information about the ARIN-PPML
mailing list