Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Public address space

Status
Not open for further replies.
mrbusy

mrbusy

Technical User
Dec 10, 2003
118
0
0
I recently joined a company with a very badly configured network infrastructure - particularly in the area of security, DNS, DHCP and address space.

At the moment we're using a mass of ranges which cross networks owned by INTEL, EDS and the US gov as the "network admin" has assinged entire class B size networks to remote sites.

Appart from the obvious non-conformity to the best practices laid down in RFC1918 can anyone think of a list of good reasons why we shouldn't have our network configured this way?

I'm trying to build a case to change to proper public spaces before our network gets any bigger and more complex.

Any thoughts would be greatfully received.
 
Sort by date Sort by votes
I don't see how that setup could be functioning...

Firstly, you should have some documentation stating what address ranges have been assigned to the company.

Secondly, it is insane to have an entire worksite facing the internet. Every machine is directly susceptible to every piece of malware floating on the internet. You should be using NAT as a layer of security.

If you assign an address that Intel is using, who gets the traffic, you or Intel? I suspect that there is more going on here than you are aware of. For instance, if you are NATing, it doesn't matter what IP space your network is using, the NAT is going to change it before the traffic hits the internet.

My guess is that you are NATing somewhere.
 
Upvote 0 Downvote
Sorry, did forget to mention that we're NATing.

 
Upvote 0 Downvote
I would approach this issue by reminding mgmt. that best practices are declared for a reason. If you are following best practices your chances of adapting to unforeseen situations painlessly are dramatically increased. Situations such as a takeover where you now need to incorporate another network, etc.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Upvote 0 Downvote
Oh, and you want to change to proper private space...


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jmarkus
  • Locked
  • Question
Can I have a different private IP address which isn't on my router's subnet?
Replies
6
Views
144
sbcsu
sbcsu
Demon Monkey
  • Locked
  • Question
Whitelisting varying IP address?
Replies
2
Views
129
SamBones
SamBones
tpicon
  • Locked
  • Question
Need to know MAC Address??
Replies
0
Views
104
tpicon
tpicon
SamBones
  • Locked
  • Question
/32 Network Address? 1
Replies
3
Views
53
Arsh Sharma
Arsh Sharma
etrusks
  • Locked
  • Question
Communicating between 2 users whos ip addresses might change 1
Replies
6
Views
66
etrusks
etrusks

Part and Inventory Search

Sponsor

Back
Top