Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] selecting a subnet

Hash: SHA1

The reason I suggested password is that it just restricts the ad hoc
user from using the network. This is a short-term requirement for the
OP. And, assuming the WAN port of the router is plugged into the
corporate network. This way the nonroutable addresses will not be
exposed. However, I have seen (and done) routers connected to corporate
networks as switches with the wifi turned on.

In any case, agreeing with Derek that what the OP is doing is not a good
thing, but in this specific case, you are not going to expose those
addresses to the corporate network, but you are allowing them onto the
corporate network rather than an isolated guest network, which is a bad
thing. While the non-routable addresses are not exposed, anyone on that
subnet can go through the firewall. They can get at the company intranet
as well as the Internet.

On 09/15/2014 11:18 AM, Bill Horne wrote:
> On Monday, September 15, 2014 09:28:30 AM Jerry Feldman wrote:
>> I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n
>> and 172.16 - 172.31 are non-routable meaning that your router SHOULD
>> never expose these addresses beyond the subnet. So, in the case where
>> you have to set something up at the last minute, the 192.168 addresses
>> are not going to conflict. I would also make sure that the wifi is set
>> up with a pass code so that people outside the group can't use it
>> although in this case the risk is minimal. especially if you disconnect
>> the router after the boy scout meeting.
> Although the Internet won't relay detached network addresses, that's not
> necessarily the case inside a corporate network. Moreover, the average
> corporate network is awash in "accidental" routers, including portable
> cellular terminals, laptops with network sharing enabled, and the
> "consumer grade" routers that are /always/ going to be plugged in at any
> company picnic or other event when IT isn't involved in advance.
> I agree that passwords are an important security feature, but I've
never seen
> them enabled on any router set up by the well-meaning civilians at
> events. They aren't thinking about security; they concentrating on not
> the hot dogs.
> We could each write a book about the ways that "self install"
> affect computer network security. It's just not something that anyone
in a
> position of authority will ever read.
> Bill

- -- 
Jerry Feldman <gaf at>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
Version: GnuPG v1


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /