
Mailing List Archive: NANOG: users

Another LTE network turns up as IPv4-only squat space + NAT



cb.list6 at gmail

Jul 17, 2012, 4:53 PM

Post #1 of 13 (875 views)
Another LTE network turns up as IPv4-only squat space + NAT

FYI http://www.dslreports.com/forum/r27324698-LTE-access-early-

So much for next generation technology ...

CB


trejrco at gmail

Jul 17, 2012, 5:40 PM

Post #2 of 13 (833 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

On Jul 17, 2012 7:54 PM, "Cameron Byrne" <cb.list6 [at] gmail> wrote:
>
> FYI http://www.dslreports.com/forum/r27324698-LTE-access-early-
>
> So much for next generation technology ...

No IPv6, and using duplicate IPv4 space. #sigh #fail

/TJ


streiner at cluebyfour

Jul 17, 2012, 9:24 PM

Post #3 of 13 (825 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

On Tue, 17 Jul 2012, Cameron Byrne wrote:

> FYI http://www.dslreports.com/forum/r27324698-LTE-access-early-

Short-sighted and foolish. Shame on you, Sprint.

jms


khomyakov.andrey at gmail

Jul 18, 2012, 6:24 PM

Post #4 of 13 (816 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

So some "comments" on the intertubes claim that DoD ok'd use of its
unadvertized space on private networks. Is there any official reference
that may support this statement that anyone of you have seen out there?

--Andrey


trejrco at gmail

Jul 18, 2012, 6:35 PM

Post #5 of 13 (810 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

Even if they did OK it (which I doubt), actually using it - especially in a
public/customer facing / visible deployment - is a Bad Idea.
*Traceability fail and possibly creating unreachable networks out there ...*

/TJ


On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov <
khomyakov.andrey [at] gmail> wrote:

> So some "comments" on the intertubes claim that DoD ok'd use of its
> unadvertized space on private networks. Is there any official reference
> that may support this statement that anyone of you have seen out there?
>
> --Andrey
>


shortdudey123 at gmail

Jul 18, 2012, 6:52 PM

Post #6 of 13 (809 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

I am on Sprint and my IP is always in the 20. net even though my WAN IP is
totally different.

Grant

On Wednesday, July 18, 2012, TJ wrote:

> Even if they did OK it (which I doubt), actually using it - especially in a
> public/customer facing / visible deployment - is a Bad Idea.
> *Traceability fail and possibly creating unreachable networks out there
> ...*
>
> /TJ
>
>
> On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov <
> khomyakov.andrey [at] gmail> wrote:
>
> > So some "comments" on the intertubes claim that DoD ok'd use of its
> > unadvertized space on private networks. Is there any official reference
> > that may support this statement that anyone of you have seen out there?
> >
> > --Andrey
> >
>
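
The traceability and reachability concerns raised in this thread, and the handset observation in the post above, as an added example that is not part of any list member's message: it flags internal pools numbered outside RFC 1918 and RFC 6598 space, lists the Internet destinations those pools shadow, and applies the client-side check. All prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress

# Ranges set aside for reuse behind NAT: RFC 1918 private space and the
# RFC 6598 shared address space for carrier-grade NAT.
REUSABLE = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_squat(prefix):
    """True if an internally numbered prefix lies outside the reusable ranges."""
    net = ipaddress.ip_network(prefix)
    return not any(net.subnet_of(r) for r in REUSABLE)


def audit(internal_prefixes):
    """Return the internal prefixes that squat on space allocated to others."""
    return [p for p in internal_prefixes if is_squat(p)]


def shadowed(destinations, internal_prefixes):
    """Destinations subscribers cannot reach on the real Internet because a
    squatted internal prefix covers them (the internal route wins)."""
    squats = [ipaddress.ip_network(p) for p in audit(internal_prefixes)]
    return [d for d in destinations
            if any(ipaddress.ip_address(d) in s for s in squats)]


def looks_like_squat_nat(device_addr, observed_public_addr):
    """Client-side check: the device address is neither in a reusable range
    nor equal to the address the outside world sees, so it is squat space
    sitting behind a translator."""
    dev = ipaddress.ip_address(device_addr)
    reusable = any(dev in r for r in REUSABLE)
    return not reusable and dev != ipaddress.ip_address(observed_public_addr)


# Constructed sample data: hypothetical subscriber pools (the 20/8 entry
# mirrors the "20." address mentioned above) and test destinations.
POOLS = ["10.32.0.0/11", "100.64.0.0/12", "20.0.0.0/8"]
DESTS = ["20.1.2.3", "198.51.100.7", "10.40.0.1"]

if __name__ == "__main__":
    print("squat prefixes:", audit(POOLS))
    print("shadowed destinations:", shadowed(DESTS, POOLS))
    print("handset behind squat NAT:",
          looks_like_squat_nat("20.15.8.9", "203.0.113.44"))
```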


chuckchurch at gmail

Jul 18, 2012, 7:36 PM

Post #7 of 13 (810 views)
RE: Another LTE network turns up as IPv4-only squat space + NAT

I disagree. I see it as an extra layer of security. If DOD had a network
with address space 'X', obviously it's not advertised to the outside. It
never interacts with public network. Having it duplicated on the outside
world adds an extra layer of complexity to a hacker trying to access it.
It's not a be-all/end-all, but it's a plus. A hacker who's partially in the
network may try to access network 'X', but it routes to the outside world,
tripping IDSs...

Chuck


-----Original Message-----
From: TJ [mailto:trejrco [at] gmail]
Sent: Wednesday, July 18, 2012 9:36 PM
To: Andrey Khomyakov
Cc: Nanog
Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT

Even if they did OK it (which I doubt), actually using it - especially in a
public/customer facing / visible deployment - is a Bad Idea.
*Traceability fail and possibly creating unreachable networks out there ...*

/TJ


On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov <
khomyakov.andrey [at] gmail> wrote:

> So some "comments" on the intertubes claim that DoD ok'd use of its
> unadvertized space on private networks. Is there any official
> reference that may support this statement that anyone of you have seen out
> there?
>
> --Andrey
>


mansaxel at besserwisser

Jul 19, 2012, 1:50 AM

Post #8 of 13 (805 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

Subject: RE: Another LTE network turns up as IPv4-only squat space + NAT Date: Wed, Jul 18, 2012 at 10:36:31PM -0400 Quoting Chuck Church (chuckchurch [at] gmail):
> I disagree. I see it as an extra layer of security. If DOD had a network
> with address space 'X', obviously it's not advertised to the outside. It
> never interacts with public network. Having it duplicated on the outside
> world adds an extra layer of complexity to a hacker trying to access it.
> It's not a be-all/end-all, but it's a plus. A hacker who's partially in the
> network may try to access network 'X', but it routes to the outside world,
> tripping IDSs...

Then DoD should go for using something like the v6 documentation prefix
or similar. It both is in many people's filters and (as referenced here
recently) is being used for stuff that "never" (promise! or at least not
until we change our minds) is going to need connectivity.

I do not see DoD handing back its allocations in the name of promoting
unreachability by swapping it for reusable space. It probably values
the uniqueness property of allocated space too much. And rightly so.

No, reusing somebody's prefix is A Very Bad Idea. I'm having a very hard
time believing the alleged "ok" is anything but cheap talk.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
The Osmonds! You are all Osmonds!! Throwing up on a freeway at dawn!!!


bmanning at vacation

Jul 19, 2012, 2:41 AM

Post #9 of 13 (807 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

On Wed, Jul 18, 2012 at 10:36:31PM -0400, Chuck Church wrote:
> I disagree. I see it as an extra layer of security. If DOD had a network
> with address space 'X', obviously it's not advertised to the outside. It
> never interacts with public network. Having it duplicated on the outside
-----------------------------------
> world adds an extra layer of complexity to a hacker trying to access it.
> It's not a be-all/end-all, but it's a plus. A hacker who's partially in the
> network may try to access network 'X', but it routes to the outside world,
> tripping IDSs...
>
> Chuck

Never is a -very- long time.
That said, -IF- DoD did authorize another party/contractor to utilize
some DoD address blocks, it's not clear if that LOA would be public.

/bill


joelja at bogus

Jul 25, 2012, 7:51 AM

Post #10 of 13 (771 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

On 7/18/12 6:24 PM, Andrey Khomyakov wrote:
> So some "comments" on the intertubes claim that DoD ok'd use of its
> unadvertized space on private networks. Is there any official reference
> that may support this statement that anyone of you have seen out there?
The ARPANET prefix (10/8) was returned to IANA circa 1990; it's now RFC
1918. Everything else is urban myth.
> --Andrey
>


rdobbins at arbor

Jul 25, 2012, 9:19 PM

Post #11 of 13 (766 views)
Re: Another LTE network turns up as IPv4-only squat space + NAT

On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:

> No, reusing somebody's prefix is A Very Bad Idea.

Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins [at] arbor> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton


Yi.Chu at sprint

Aug 20, 2012, 6:57 AM

Post #12 of 13 (625 views)
RE: Another LTE network turns up as IPv4-only squat space + NAT

It is not about security. It is about finding enough bits to service a 7-digit number of subs.

yi

-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins [at] arbor]
Sent: Thursday, July 26, 2012 12:19 AM
To: NANOG list
Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT


On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:

> No, reusing somebody's prefix is A Very Bad Idea.

Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins [at] arbor> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton



streiner at cluebyfour

Aug 22, 2012, 8:57 AM

Post #13 of 13 (624 views)
RE: Another LTE network turns up as IPv4-only squat space + NAT

On Mon, 20 Aug 2012, Chu, Yi [NTK] wrote:

> It is not about security. It is about finding enough bits to service a
> 7-digit number of subs.

IPv6 takes care of that problem quite effectively :)

If there is a major amount of gear in the network that will not support
IPv6 (apply bat to vendor as appropriate), then I can understand going
down the road of IPv4 + CGN, but I would consider that to be an absolute
last resort. Not much upside, lots of downside.

jms

> -----Original Message-----
> From: Dobbins, Roland [mailto:rdobbins [at] arbor]
> Sent: Thursday, July 26, 2012 12:19 AM
> To: NANOG list
> Subject: Re: Another LTE network turns up as IPv4-only squat space + NAT
>
>
> On Jul 19, 2012, at 3:50 PM, Måns Nilsson wrote:
>
>> No, reusing somebody's prefix is A Very Bad Idea.
>
> Concur 100%. There is no security value to doing this whatsoever - quite the opposite, given the possible negative consequences to reachability and, thus, availability.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins [at] arbor> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
