said by rebus9: It's not that 1918 space is more hackable in and of itself. It's what's addressed within that space -- for example, equipment customers shouldn't be able to "see".
Why not? IE: Where is it written that services at these addresses shouldn't be reachable by other systems on the same network? Why would systems using addresses in RFC1918 ranges necessarily be any more sensitive than any other? That really isn't relevant, however.
What if the ISP had chosen to use alternate addresses from its publicly routable space - how would that change this at all (IE: what difference does the actual address used make?) There are plenty of servers on non RFC1918 address ranges that would fall in the same category.
If a server needs to be so protected, it should have a proper firewall or other suitable protections in front of it. The use of "private" address space has nothing to do with this.
RFC1918 addresses are meant to provide pre-defined ranges that may be used within a network by a single entity for use only within that entity, anywhere within that entity. This was intended for uses such as by those without public internet connectivity or those that otherwise did not have a registered network assignment. It was also useful for those entities that did not want to burn their public (routable) address space for devices that would never need to reach the public internet. It is not meant for security purposes.
Management interfaces on CPE (and on critical infrastructure) should be in a separate VLAN that customer traffic can't reach.
Where is this written as a requirement? It is Verizon's network and they can choose to manage and use addresses on their network as they so choose. Regardless, why does the address used matter? For instance, what does the use of RFC1918 addresses have to do with VLANs? That is the whole point.
Again - if there are services that should not be generally reachable and need to be protected, there should be a proper firewall in place. Choice of specific address ranges is not relevant.
Keep customer traffic away, regardless if it's addressed with publicly routable or RFC1918 addresses. I believe THAT is what all the "hackable" talk is about.
Again - this has nothing to do with the address space and has everything to do with the use of a proper firewall.
The IP addresses themselves are irrelevant. What matters is, who can reach what equipment. Make sense?
Yes - but please read this thread and you will see references specifically that RFC1918 space reachability by home broadband routers is a security risk and a "hacking" risk. There was even reference that it is susceptible to spoofing. I'm not sure why you keep replying to me with points that aren't related to that specific point even though that is specifically what I am asking about.
What does any of that have to do with the address space? All of the same issues exist equally regardless. The reachability of RFC1918 address ranges is no more a risk than any other address ranges. I am looking specifically for supporting detail for the claims in this thread to the contrary.