Common operational misconceptions

Michael Sinatra michael at rancid.berkeley.edu
Thu Feb 16 16:41:56 CST 2012


On 02/15/12 23:34, Owen DeLong wrote:
> I think one of the most damaging fundamental misconceptions which is
> not only rampant among students, but, also enterprise IT professionals
> is the idea that NAT is a security tool and the inability to conceive of the
> separation between NAT (header mutilation) and Stateful Inspection
> (policy enforcement).

Another misconception is that RFC 1918 somehow 
implies/specifies/requires NAT.  The idea of using private address 
without NATing them seems to totally bewilder some people.  And they 
often can't wrap their heads around the possibility of routing RFC 1918 
space internally and also not using NAT.  (This causes them to be even 
more confused at the fact that RFC 4193 specifies ULA for IPv6, but 
there is no stateful NAT currently specified.)

Concepts/words that often get confused:

Difference between 'allocation' and 'assignment' in IP addressing.

Use of the word "IP" alone to mean "IP address," e.g.:

Person: "Does that server have an IP assigned?"
Me: "Yeah, it's got a whole stack."

Then, of course, there's the silly situation where people mean to say 
"rogue" but they type "rouge" as in "rouge DHCP server," "rouge RA 
advertiser," etc.

michael



More information about the NANOG mailing list