I don't know if they still do it, but AtHome's AtWork used private
addressing for WAN links to T1 customers.

I know that AT&T's CDPD network uses private addressing as well.  Only time
my host is up is when I'm driving (yeah, watch out for the freak driving and
using ssh to fix routers):

tracerouting to han-cdpd.artoo.net:
 8  144.232.18.138 (144.232.18.138)  27.021 ms  27.966 ms  31.880 ms
 9  gbr4-p50.sffca.ip.att.net (12.123.13.70)  26.515 ms  30.128 ms  91.739 ms
10  gbr3-p50.st6wa.ip.att.net (12.122.2.62)  43.395 ms  44.815 ms  42.398 ms
11  gbr2-p10.st6wa.ip.att.net (12.122.5.166)  44.782 ms  44.792 ms  48.202 ms
12  ar1-a3120s1.st6wa.ip.att.net (12.127.6.137)  44.002 ms  48.997 ms  42.120 ms
13  * * *
14  * * *
15  * * *
16  mes129034064.airdata.net (166.129.34.64)  525.449 ms  507.090 ms  502.152 ms


From my host I hit 3-4 172 addresses before I get to public AT&T IP space.


On that note, check out http://www.traceloop.com/.  Seems like an
interesting idea to me.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


"Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote in message
news:p05001904b6c01af4cbb9@[63.216.127.100]...
> >Really?  So you wouldn't recommend using RFC 1918 addressing in a transient
> >network, say, for a customer (end user) production network, as a means of
> >securing the routers/switches that transport the data?  The servers used
> >direct server return (http://www.foundrynet.com/genFaqDSR.html), and didn't
> >incur the performance penalty usually associated with NAT...
>
> I'm not sure what you mean by a transient network.
>
> But if the hosts on that network connect to the Internet, they should:
>
>     1.  Tunnel to endpoints using private address space (i.e., you are
>         building a VPN)
>     2.  Use registered address space
>     3.  Use private address space and NAT on the provider side.
>
> It concerns me, however, that private address space, without being
> discussed along with explicit filtering and other complementary
> security mechanisms, can be thought of as adding any reliable level
> of security.  Yes, you may not be reachable in the global Internet.
> But without other controls, you might be quite accessible from other
> customers of the same providers.
>
> Private addressing does have a place, and a good one. But it
> shouldn't EVER appear, IMNSHO, in ANY global Internet communications,
> whether those are the sources of packets or simply traceroute
> results.  Too many operational and security implications.
>
> I don't think use of RFC 1918 for any form of Internet connectivity
> can be consistent with RFC 2828 and related anti-hacking measures.
>
> >
> >I've built several networks using this type of addressing scheme, in
> >conjunction with the use of OSPF and haven't had any problems...  I realize
> >that this is not the same class of network (ISP), but it was a design used
> >for several e-commerce sites...
> >
> >I would just like to know other people's opinions on this practice,
> >especially yours, Howard...  :)
> >
> >Thanks
> >Brant I. Stevens
> >Internetwork Solutions Engineer
> >Thrupoint, Inc.
> >545 Fifth Avenue, 14th Floor
> >New York, NY. 10017
> >646-562-6540
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Howard C. Berkowitz
> >Sent: Sunday, February 25, 2001 6:32 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Private Internet Addressing
> >
> >
> >This remains a continuing thread on NANOG.
> >
> >My personal view is that the world has certain ISPs, such as cais.net
> >DSL and apparently US West in your example, that exist for the same
> >reason as do warthogs:  to make roses even more beautiful.
> >
> >Several major ISPs have this pernicious practice, which confuses
> >traceroute (in several ways), reverse DNS, and MTU path discovery.
> >They are ISPs with significant allocations of address space and
> >should be able to get more.
> >
> >I personally believe that anyone that uses private address space in a
> >path where public traffic will EVER route through one of the
> >addresses, is, at best, being irresponsible.  Sort of like looking
> >for the gas leak with a lighted match.
> >
> >
> >>I did a traceroute to one of US West's customers... got some
> >>interesting results:
> >>
> >>13   206 ms  179 ms  123 ms  gig0-0-0.phnx-sust1.phnx.uswest.net
> >>[206.80.192.253]
> >>14  1016 ms  151 ms  975 ms  207.224.191.2
> >>15   233 ms  124 ms  123 ms  192.168.8.1
> >>16   151 ms  179 ms  123 ms  192.168.100.147
> >>17   247 ms  192 ms  151 ms  vdsl-130-13-102-120.phnx.uswest.net
> >>[130.13.102.120]
> >>
> >>RFC 1918 - "Address Allocation for Private Internets" indicates
> >>192.168.0.0 through 192.168.255.255 (192.168/16 prefix) is reserved
> >>for private internets.  Hops 15 and 16 in my traceroute show that
> >>addresses within this range are being used publicly.
> >>
> >>Did I miss something?  Have the "for private use only" IP addresses
> >>now been given the green light to be used within the internet?
> >>
> >>    -- Leigh Anne
> >>
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
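
Added example, not part of the original thread: a Python script that reads traceroute or Windows tracert output like the two traces quoted above and separates hops answering from RFC 1918 space from silent hops and all other responders. The names `parse_hops` and `audit` are illustrative, and the script assumes well-formed IPv4 addresses in the output.

```python
import ipaddress
import re

# RFC 1918 blocks: 10/8, 172.16/12, 192.168/16.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP = re.compile(r"^\s*(\d+)\s+(\S.*)$")  # a line that starts a new hop
QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
WRAPPED = re.compile(r"[\[(](" + QUAD + r")[\])]")  # host (ip) or host [ip]
BARE = re.compile(r"(?<![\w.-])(" + QUAD + r")(?![\w.-])")  # hop with no rDNS

def parse_hops(text):
    """Return [(hop, ip or None)] from traceroute or Windows tracert text.
    Lines without a leading hop number are mail-wrapped continuations."""
    rows = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rows.append([int(m.group(1)), m.group(2)])
        elif rows and line.strip():
            rows[-1][1] += " " + line.strip()
    found = ((n, WRAPPED.search(r) or BARE.search(r)) for n, r in rows)
    return [(n, m.group(1) if m else None) for n, m in found]

def audit(text):
    """Split hops into RFC 1918 responders, silent hops, and all others."""
    report = {"private": [], "silent": [], "other": []}
    for num, ip in parse_hops(text):
        if ip is None:
            report["silent"].append(num)
        elif any(ipaddress.ip_address(ip) in net for net in RFC1918):
            report["private"].append((num, ip))
        else:
            report["other"].append((num, ip))
    return report

# Hops from the two traces in this thread, wrapped as a mail client wraps them.
TRACERT = """13   206 ms  179 ms  123 ms  gig0-0-0.phnx-sust1.phnx.uswest.net
[206.80.192.253]
14  1016 ms  151 ms  975 ms  207.224.191.2
15   233 ms  124 ms  123 ms  192.168.8.1
16   151 ms  179 ms  123 ms  192.168.100.147
17   247 ms  192 ms  151 ms  vdsl-130-13-102-120.phnx.uswest.net
[130.13.102.120]"""
TRACEROUTE = """13  * *
 *
14  * * *
15  * * *
16  mes129034064.airdata.net (166.129.34.64)  525.449 ms  507.090 ms
502.152 ms"""
print(audit(TRACERT)["private"], audit(TRACEROUTE)["silent"])
```

Silent hops are reported separately because a `* * *` hop only shows that no reply came back; it says nothing about how that hop is addressed.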
