Leif Johansson wrote: > Sigh. This is almost to dumb to respond to and I'll be kicking myself > when the > next stats come out ;-) It is possible to build a good car lock (I > claim) and some > day someone will find the economic incentive to do so.
So there should be no locks on cars until someone finds the economic incentive to build something better than what is there? > > By contrast your private address space does not protect your network > from an > attack which violates the basic assumption that there is an > inside and > an outside. You appear to presume that to be useful a technology must solve all known problems. Address space that is not routed to the world does provide protection from direct attacks. It does not prevent indirect attacks through nodes that have a route. > The added twist from [EMAIL PROTECTED] and friends is that you no > longer have to be a network security geek to appreciate this fact. Any node that can be reached directly or indirectly from outside the perimeter can bring undesireable content into the protected area. The more layers of protection there are, the more opportunity there is to isolate and contain any problems. Having address space that is not routed provides an extra layer which protects against failures in the firewall/access controls. If your network doesn't require that extra level, there is no need to deploy it. At the same time, there are network managers that insist on having that capability. Tony -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
