Home page logo
/

nanog logo nanog mailing list archives

Re: Common operational misconceptions
From: Michael Sinatra <michael () rancid berkeley edu>
Date: Thu, 16 Feb 2012 14:41:56 -0800

On 02/15/12 23:34, Owen DeLong wrote:
I think one of the most damaging fundamental misconceptions which is
not only rampant among students, but, also enterprise IT professionals
is the idea that NAT is a security tool and the inability to conceive of the
separation between NAT (header mutilation) and Stateful Inspection
(policy enforcement).

Another misconception is that RFC 1918 somehow implies/specifies/requires NAT. The idea of using private address without NATing them seems to totally bewilder some people. And they often can't wrap their heads around the possibility of routing RFC 1918 space internally and also not using NAT. (This causes them to be even more confused at the fact that RFC 4193 specifies ULA for IPv6, but there is no stateful NAT currently specified.)

Concepts/words that often get confused:

Difference between 'allocation' and 'assignment' in IP addressing.

Use of the word "IP" alone to mean "IP address," e.g.:

Person: "Does that server have an IP assigned?"
Me: "Yeah, it's got a whole stack."

Then, of course, there's the silly situation where people mean to say "rogue" but they type "rouge" as in "rouge DHCP server," "rouge RA advertiser," etc.

michael


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]