Can a customer take IP's with them?

Howard C. Berkowitz hcb at gettcomm.com
Fri Jun 25 20:59:00 UTC 2004


At 3:29 PM -0400 6/25/04, Eric Gauthier wrote:
>>  Only one customer?  There are a couple "consulting" firms in
>>  particular around here that use arbitrary space on internal
>>  networks.  Sometimes a currently-dark IP block is configured, so
>>  "it works for us".  It gets annoying after a while.
>
>The worst one I've seen so far is Ticketmaster... last month.  If you want to
>sell tickets through them and connect via the network, they require you to
>have a private, backend connection to them and then require you to route
>29.2.0.0/15, 29.4.0.0/15, and 29.6.0.0/16 via that connection.

Several third-party health payors, as well as a few HMOs and the 
like, do exactly this sort of thing with medical service providers. 
It makes hospital addressing, at times, rather interesting.

Some of them used the rationalization that if the space wasn't in the 
Internet routing table, it was more secure. To make it worse, a 
couple further expected you to address some of your hosts with their 
bogus address space, and then run transport-mode IPSec to them.

If you have never had a good sized hospital decide you are their new 
ISP (or network manager), it's good to find someone that will write 
prescriptions for legal drugs. On your first site visit, when you 
start discovering some of their addressing oddities, you will want to 
go to the pharmacy and get the scripts filled, to help you get 
through the day.

While newer applications, if anything, go overboard for security, 
some earlier medical applications, especially laboratory 
instrumentation, just send all their data to 255.255.255.255.  I 
asked one of the programmers why they did that, and he said they 
didn't know if somebody might plug in a device that needed the data, 
so they didn't want to be bothered putting in support for it.

You will find there is now an assortment of security and privacy 
laws that the hospital has to support, HIPAA being the best known, 
but also 21CFR11 for clinical trials, DEA electronic prescribing of 
controlled substances, and COPPA for pediatric data. Unfortunately, 
no one has ever decided to harmonize the security requirements for 
the different mandates.  If it helps put things in perspective, the 
legislation enabling recent extensive modifications and additions to 
HIPAA was titled the HIPAA Administrative Simplification Act.  George 
Orwell would have loved it.


