On Nov 13, 2011, at 10:36 PM, Jason Lewis wrote:

> I don't want to start a flame war, but this article seems flawed to me.

The real issue is interconnecting SCADA systems to publicly-routed networks, not the choice of potentially routable space vs. RFC1918 space for SCADA networks, per se. If I've an RFC1918-addressed SCADA network which is interconnected to a publicly-routed- and -accessible network, then an attacker can work to compromise a host on the publicly-accessible network and then jump from there to the RFC1918 SCADA network.

> I think I could announce private IP space, so doesn't that make this argument
> invalid?

Most networks, except those which haven't implemented the most basic BCPs, wouldn't accept your announcements of RFC1918 or otherwise-reserved space. It's likely that your peers/upstreams wouldn't accept them in the first place, much less propagate them.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde
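
The inbound filtering the reply refers to, sketched as an added example that is not part of the original message: a check that rejects announcements falling inside RFC1918 or other reserved IPv4 space. The function name, the abbreviated reserved-block list, the /24 maximum length and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Reserved IPv4 blocks (RFC 1918 plus a subset of other special-use ranges).
# Abbreviated list for illustration; production filters track the full registry.
RESERVED = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def filter_announcement(prefix, max_len=24):
    """Return (accepted, reason) for one inbound IPv4 announcement.

    Mirrors a prefix-list that denies each reserved block and every
    more-specific prefix inside it, then denies overly long prefixes.
    max_len=24 is an assumed policy value.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if net.version != 4:
        return False, "not an IPv4 prefix"
    for block in RESERVED:
        if net.subnet_of(block):
            return False, f"within reserved block {block}"
    if net.prefixlen > max_len:
        return False, f"longer than /{max_len}"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample announcements, not taken from any real routing table.
    for sample in ("10.20.0.0/16", "192.168.1.0/24", "172.32.0.0/16",
                   "8.8.8.0/24", "8.8.8.0/25", "10.1.2.3/8"):
        print(sample, filter_announcement(sample))
```

Note that `172.32.0.0/16` is accepted: it lies just outside `172.16.0.0/12`, which ends at `172.31.255.255`.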