Seems to me if I remember my copyright law correctly if you don't expressly give up your copyright on something you wire it still belongs to you the author. So wether it's GNU or not it's still covered by whoever wrote it.
The whole purpose of the RFC 1918 "private networks" was to allow companies to connect to the internet without having to have a "registered" ip address for every machine on there network. It was also implemented to help prevent people from grabbing random addresses like 3.0.0.0 and using them for there internal addresses.
Companies will then use the private addresses on there internal networks. This concerves the public addresses for the direct addressing on the internet.
Routers will route anything that they are not speciffically told not to. The general consensis is that you should not route private addresses past your border routers (ie to the outside world). Likewise you can't expect that anyone will be able to get to your machine if it have a private address. ie. 10.1.1.1.
The only people that expressly don't route private addressing are the core internet people. This is done usually done by filtering out these addresses at the edge of each of the large internet providers. Typical firewalls will filter out private addressing as well.
Don't assume just because you are using the private addressing on your network that you are safe. This is simply not true. Generally if you are using private addressing on your internal network there is a router or firewall between you that converts your private address into a registered one(NAT). Someone that is paying attention at this point will figure out that if the core providers filter out the private addresses and if I am on a machine with a private address that I won't be able to go very far on the net(unless there is a address translation inbetween).
There are several ways that NAT's can be assigned one is dynamic (more secure) and one is static. I assure you that if your machine has a statically assigned NAT address and there is no firewall between you and the net that your machine might as well be on the net directly.
Subject: Should isp's use private addressing? Well this is a hard question to answer. If they have a office lan that is behind a firewall that very well could be privatly addressed...
Should they use private addresses on interlink segments. Personally I say no because I really hate it when traceroutes don't return addresses. Although if you want to hide a couple of routers or firewalls in your path it's not a horrible way to do it.
Private networks and security: The only security that private networks provide you is this. If the people that are trying to hack into you are beyond a firewall or provider that filters private networks your are safe until they break into a machine on your network that has registered addresses. Then they have as much access as you network will allow. (note that alot of times this machine may be on your network beyond your defences.
Finally: before you decide to inplement large networks that use private addressing you need to think about who you may be connecting to yourself. On a network each machine must have a unique address for life to be happy. If you have a several thousand host network addressed in the 10.0.0.0 range and your company buys another company that alsi uses the 10.0.0.0 range of addressing life can get very very complicated. I know this from experience.
my two cents... I hope this makes sence.
-Geoff Kuchera
Slashdot Mirror
Seems to me if I remember my copyright law correctly if you don't expressly give up your copyright on something you wire it still belongs to you the author. So wether it's GNU or not it's still covered by whoever wrote it.
-My 2 cents..
Geoff
The whole purpose of the RFC 1918 "private networks" was to allow companies to connect to the internet without having to have a "registered" ip address for every machine on there network. It was also implemented to help prevent people from grabbing random addresses like 3.0.0.0 and using them for there internal addresses.
Companies will then use the private addresses on there internal networks. This concerves the public addresses for the direct addressing on the internet.
Routers will route anything that they are not speciffically told not to. The general consensis is that you should not route private addresses past your border routers (ie to the outside world). Likewise you can't expect that anyone will be able to get to your machine if it have a private address. ie. 10.1.1.1.
The only people that expressly don't route private addressing are the core internet people. This is done usually done by filtering out these addresses at the edge of each of the large internet providers. Typical firewalls will filter out private addressing as well.
Don't assume just because you are using the private addressing on your network that you are safe. This is simply not true. Generally if you are using private addressing on your internal network there is a router or firewall between you that converts your private address into a registered one(NAT). Someone that is paying attention at this point will figure out that if the core providers filter out the private addresses and if I am on a machine with a private address that I won't be able to go very far on the net(unless there is a address translation inbetween).
There are several ways that NAT's can be assigned one is dynamic (more secure) and one is static. I assure you that if your machine has a statically assigned NAT address and there is no firewall between you and the net that your machine might as well be on the net directly.
Subject: Should isp's use private addressing? Well this is a hard question to answer. If they have a office lan that is behind a firewall that very well could be privatly addressed...
Should they use private addresses on interlink segments. Personally I say no because I really hate it when traceroutes don't return addresses. Although if you want to hide a couple of routers or firewalls in your path it's not a horrible way to do it.
Private networks and security: The only security that private networks provide you is this. If the people that are trying to hack into you are beyond a firewall or provider that filters private networks your are safe until they break into a machine on your network that has registered addresses. Then they have as much access as you network will allow. (note that alot of times this machine may be on your network beyond your defences.
Finally: before you decide to inplement large networks that use private addressing you need to think about who you may be connecting to yourself. On a network each machine must have a unique address for life to be happy. If you have a several thousand host network addressed in the 10.0.0.0 range and your company buys another company that alsi uses the 10.0.0.0 range of addressing life can get very very complicated. I know this from experience.
my two cents... I hope this makes sence.
-Geoff Kuchera