Common operational misconceptions
michael at rancid.berkeley.edu
Thu Feb 16 16:41:56 CST 2012
On 02/15/12 23:34, Owen DeLong wrote:
> I think one of the most damaging fundamental misconceptions which is
> not only rampant among students, but, also enterprise IT professionals
> is the idea that NAT is a security tool and the inability to conceive of the
> separation between NAT (header mutilation) and Stateful Inspection
> (policy enforcement).
Another misconception is that RFC 1918 somehow
implies/specifies/requires NAT. The idea of using private address
without NATing them seems to totally bewilder some people. And they
often can't wrap their heads around the possibility of routing RFC 1918
space internally and also not using NAT. (This causes them to be even
more confused at the fact that RFC 4193 specifies ULA for IPv6, but
there is no stateful NAT currently specified.)
Concepts/words that often get confused:
Difference between 'allocation' and 'assignment' in IP addressing.
Use of the word "IP" alone to mean "IP address," e.g.:
Person: "Does that server have an IP assigned?"
Me: "Yeah, it's got a whole stack."
Then, of course, there's the silly situation where people mean to say
"rogue" but they type "rouge" as in "rouge DHCP server," "rouge RA
More information about the NANOG