

Bigzizzzle
Premium
join:2005-01-27
Franklin, TN
kudos:1

[Info] Enterprise IP Addressing Scheme

I work for a company that utilizes public IP (Non RFC 1918 address ranges) for internal networking.

Why would they design the network around that?

Is there justification for this address space abuse?

Printers, workstations, etc. all using public routable address space owned by the company.

Has anyone ever seen this?



Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric

Abuse? As in, why is your home address public? Or why someone can find out who you are by your license plate?

There is no reason to use 1918 unless you do not have any IP to use, or think of it as building a sand castle and not a real one, since you'd need a real property for that...

Most companies use their real routable IP addressing.


Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
reply to Bigzizzzle

This is commonplace in large companies--if you have the IPs, use them. That said, hoarding unrouted IPv4 addresses is popular nowadays.


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to Bigzizzzle

I would call it "lame excuse" more than "justification" -- the most common reason claimed is "ease of network interconnects" (i.e. inter-company VPNs) (see also: "lame excuse"). Yes, there are lots of companies doing this. (USPS for one.) If you wanted to bitch about such misuses, you missed the boat over a decade ago. At this point, It. Does. Not. Matter. We're out of IPv4 address space; getting back the handful of (legacy) prefixes being used in this manner won't change that.


aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to Bigzizzzle

There are some valid reasons for using non-RFC-1918 IP version 4 addresses for internal networking. Following are some of those reasons.

* The internal network is so huge that you cannot use RFC-1918 IP addresses for everything. In this case, you can only use RFC-1918 IP addresses for point-to-point networks, while hosts (such as routers' Loopback interfaces, servers, printers, PCs) have to use non-RFC-1918 IP addresses.

* There are overlapping IP schemes within the internal network when you try to use RFC-1918 IP addresses for everything. This case usually applies when two companies merge or one company acquires other companies, where the IP scheme overhaul usually results in using non-RFC-1918 IP addresses for hosts.
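
The overlap case in the second bullet above, worked through as an added example (not part of the post): a check that compares two companies' address plans before an interconnect and reports every colliding pair. Both plans are constructed sample data, and the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 stand in for company-owned public space.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress' own is_private flag is broader
# (it also covers documentation and other special ranges), so the check
# is done against an explicit list.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed address plans for two merging companies.
COMPANY_A = {
    "hq-users": "10.1.0.0/16",
    "printers": "192.168.10.0/24",
    "dc":       "198.51.100.0/24",   # placeholder for owned public space
}
COMPANY_B = {
    "branch":  "10.1.32.0/20",
    "lab":     "192.168.10.0/24",
    "voip":    "172.20.0.0/16",
    "servers": "203.0.113.0/24",     # placeholder for owned public space
}

def is_rfc1918(cidr):
    """True if the prefix lies entirely inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)

def find_collisions(plan_a, plan_b):
    """Return (name_a, name_b, shared_prefix, shared_is_rfc1918) for each
    pair of subnets that overlap between the two plans."""
    collisions = []
    for name_a, cidr_a in plan_a.items():
        net_a = ipaddress.ip_network(cidr_a)
        for name_b, cidr_b in plan_b.items():
            net_b = ipaddress.ip_network(cidr_b)
            if net_a.overlaps(net_b):
                # Two CIDR prefixes overlap only when one contains the
                # other, so the shared range is the more specific one.
                shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
                collisions.append(
                    (name_a, name_b, str(shared), is_rfc1918(str(shared))))
    return collisions

if __name__ == "__main__":
    for a, b, shared, private in find_collisions(COMPANY_A, COMPANY_B):
        kind = "RFC 1918" if private else "public"
        print(f"{a} <-> {b}: {shared} ({kind}) must be renumbered or NATed")
```

Only the RFC 1918 subnets collide here; registered space assigned to a single organization is globally unique, so it cannot overlap with another company's plan.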



Da Geek Kid

join:2003-10-11
::1
kudos:1

1 recommendation

reply to Bigzizzzle

And to add to this... IPv6 would have no shortage for quite a while, so no one would be using private addressing/NAT.


tunerX

join:2012-02-20

NAT has an inherent security feature that eliminates visibility into a local network's addressing schema.



RyanG1
Premium
join:2002-02-10
San Antonio, TX
kudos:1

So do access-lists.



Da Geek Kid

join:2003-10-11
::1
kudos:1

lol, so does ip route x.x.x.x x.x.x.x null0

bitbucket!



Bigzizzzle
Premium
join:2005-01-27
Franklin, TN
kudos:1
reply to RyanG1

Thanks for the feedback; it just rubbed me different when I saw this.

Keep pushing those packets.


mdpeterman

join:2010-10-10
Westerville, OH

The company I work for uses publicly routable IPs for almost everything. They also use 10.0.0.0/8 for select other equipment, but not much.

The university I went to used all public IPs too. If they have the addresses, they use them and most of their networks were established before NAT was popular.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Bigzizzzle

said by Bigzizzzle:

Why would they design the network around that?

Politics trumping Best Practices? Otherwise, they're just that sure of their security.

Otherwise, all the other comments so far are valid as well.

said by Bigzizzzle:

Has anyone ever seen this?

My old employer did this (IBM 9's network). My current employer does this as well. Whether I could hit my laptop's IP address from the Internet, well... never got the chance to test this theory.

Regards


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric

You won't get a chance to do so from the network perspective, however, what makes this work on any network is the trojan installed on the CEO's PC that tells the thief about his US offshore accounts, passwords to his VIP Pr0n store, etc...

All of those have nothing to do with NAT/PAT...



Wily_One
Premium
join:2002-11-24
San Jose, CA
Reviews:
·AT&T U-Verse
reply to HELLFIRE

I'd imagine most of the big companies that do this, do it because of legacy reasons. (e.g. "because we've always done it like this")

But that said, now that the pool of available IPv4 address space has been exhausted, the RIRs like ARIN are cracking down on companies with existing allocations which are not, in fact, using them. So some companies will look at it as a use-it-or-lose-it proposition.



battleop

join:2005-09-28
00000

1 recommendation

reply to Bigzizzzle

ADP is one company that's known for pissing away public IPs like this.



Da Geek Kid

join:2003-10-11
::1
kudos:1
reply to Bigzizzzle

lol

Ok. So in the early 80s you had a company and bought a /8 network and AS numbers to go with it...

So now, let's use RFC1918 because somehow we think NAT is our security?