A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Any advantage in using private ranges other than 192.168.x.x in NAT router?



 
 
  #21  
Old February 5th 19, 03:17 PM posted to uk.telecom.broadband
Chris Green

Chris Bartram wrote:
> On 04/02/2019 14:54, Chris Green wrote:
>> Is there any advantage to be gained security-wise in using a
>> 'non-standard' private IP range in a NAT router. E.g. either
>> 172.16.x.x or 10.x.x.x. I suspect not but I suppose there might be
>> some gain in the 'security by obscurity' direction.
>>
>> ... any other advantages, except the obvious one of bigger sub-nets if
>> you happen to need them?
>
> Only advantages I can see are as you say a larger range, and if you're
> planning to VPN tunnel to someone else, it's obviously no good to have
> the same IP range behind both routers. Otherwise, no advantage. There's
> no security through obscurity; if they've breached your router in any
> way (be it the router itself or a device behind it) something will be
> advertising the IP range, even if there isn't DHCP willingly handing out
> addresses.


Yes, I think you're probably right so I'll leave it at the default
192.168.1.1. :-)

--
Chris Green
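
The VPN point quoted in the post above can be checked mechanically. This is an added example, not part of the original thread: it flags remote LANs that overlap the local range and picks the first free private subnet. The function names, the sample remote ranges and the "avoid common router defaults" list are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks discussed in this thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

def conflicts(local, remotes):
    """Remote LANs that overlap the local LAN and so cannot be routed over a tunnel."""
    local = ipaddress.ip_network(local)
    return [r for r in remotes if ipaddress.ip_network(r).overlaps(local)]

def suggest_lan(remotes, prefix=24, avoid=("192.168.0.0/24", "192.168.1.0/24")):
    """First private subnet of the given size that is clear of every remote LAN.

    `avoid` (an assumption) holds common router defaults, which the next
    site you tunnel to is likely to be using as well.
    """
    taken = [ipaddress.ip_network(n) for n in (*remotes, *avoid)]
    for block in RFC1918:
        for cand in block.subnets(new_prefix=prefix):
            if not any(cand.overlaps(t) for t in taken):
                return str(cand)
    return None  # every private range is already claimed by a remote site

if __name__ == "__main__":
    # Constructed sample: LANs behind the routers at the far end of each tunnel.
    remote_lans = ["192.168.1.0/24", "10.8.0.0/16", "192.168.0.0/22"]
    print("clashes with local LAN:", conflicts("192.168.1.0/24", remote_lans))
    print("suggested local LAN:  ", suggest_lan(remote_lans))
```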

  #22  
Old February 5th 19, 05:18 PM posted to uk.telecom.broadband
Optimist[_2_]

On Tue, 5 Feb 2019 14:17:20 +0000, Chris Green wrote:

> Chris Bartram wrote:
>> On 04/02/2019 14:54, Chris Green wrote:
>>> Is there any advantage to be gained security-wise in using a
>>> 'non-standard' private IP range in a NAT router. E.g. either
>>> 172.16.x.x or 10.x.x.x. I suspect not but I suppose there might be
>>> some gain in the 'security by obscurity' direction.
>>>
>>> ... any other advantages, except the obvious one of bigger sub-nets if
>>> you happen to need them?
>>
>> Only advantages I can see are as you say a larger range, and if you're
>> planning to VPN tunnel to someone else, it's obviously no good to have
>> the same IP range behind both routers. Otherwise, no advantage. There's
>> no security through obscurity; if they've breached your router in any
>> way (be it the router itself or a device behind it) something will be
>> advertising the IP range, even if there isn't DHCP willingly handing out
>> addresses.
>
> Yes, I think you're probably right so I'll leave it at the default
> 192.168.1.1. :-)


Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely every routable IP address
can just use 10.x.x.x anyway?
  #23  
Old February 6th 19, 01:40 PM posted to uk.telecom.broadband
Roderick Stewart

On Tue, 05 Feb 2019 16:18:38 +0000, Optimist wrote:

> Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely every routable IP address
> can just use 10.x.x.x anyway?


I've often wondered the same thing. Any one of those ranges must
surely have more than enough numbers for any conceivable private
network, so why the need for three of them?

My best guess would be the cockup theory, in other words it's more
likely to be the result of a cockup than an actual plan. Maybe several
factions had the same idea independently about local networks and set
up their own networks in their own ways, and by the time an official
plan was ordained it was too inconvenient for anyone to change, so the
plan was adjusted to ratify what was already being done.

But who knows...?

Rod.
  #24  
Old February 6th 19, 02:06 PM posted to uk.telecom.broadband
Nick Leverton

Optimist wrote:

> Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely every routable IP address
> can just use 10.x.x.x anyway?


RFC 1817 suggests, in its 1.5 pages of text, that CIDR capable equipment
wasn't universal within organisations, or even on the Internet, around
the time the private ranges were allocated.

RFC 1918 even justifies itself thus:
"If a suitable subnetting scheme can be designed and is supported by
the equipment concerned, it is advisable to use the 24-bit block
(class A network) of private address space and make an addressing
plan with a good growth path. If subnetting is a problem, the 16-bit
block (class C networks), or the 20-bit block (class B networks) of
private address space can be used."

Aug 1995: RFC 1817 - CIDR and Classful Routing
Feb 1996: RFC 1918 - Address Allocation for Private Internets

Nick
--
"The Internet, a sort of ersatz counterfeit of real life"
-- Janet Street-Porter, BBC2, 19th March 1996
  #25  
Old February 8th 19, 06:04 PM posted to uk.telecom.broadband
Adrian Caspersz

On 04/02/2019 14:54, Chris Green wrote:
> Is there any advantage to be gained security-wise in using a
> 'non-standard' private IP range in a NAT router. E.g. either
> 172.16.x.x or 10.x.x.x. I suspect not but I suppose there might be
> some gain in the 'security by obscurity' direction.
>
> ... any other advantages, except the obvious one of bigger sub-nets if
> you happen to need them?


I have segregated 10.x.x.x VLANs running each on different IP ranges,
different DNS server, DHCP servers, SSIDs etc. They are routed to the
same internet gateway, but via firewall rules none are allowed to pass
data to one another.

Basically that means my LG TV can't see the rest of the LAN, unless I
let it. It also lets me test out VPN software on different platforms
without having to do that externally with another ISP connection.

The router with standard firmware that does all that is typically found
for 1.50 from a car boot sale, and I have a few spares ...

--
Adrian C
  #26  
Old February 14th 19, 01:11 AM posted to uk.telecom.broadband
Theo[_2_]

Optimist wrote:
> Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely every routable IP address
> can just use 10.x.x.x anyway?


10.0.0.0/8 is 2^24 addresses, or just over 16 million. That's not enough to
go round, even within a single company. Comcast has 22.3 million
subscribers. Even with the additional 1.06 million from the other two ranges,
they say they exhausted RFC1918 private addresses - in 2005.

Thankfully IPv6 gets us out of this mess...

Theo
  #27  
Old February 14th 19, 07:34 AM posted to uk.telecom.broadband
Roderick Stewart

On 14 Feb 2019 00:11:41 +0000 (GMT), Theo wrote:

>> Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely every routable IP address
>> can just use 10.x.x.x anyway?
>
> 10.0.0.0/8 is 2^24 addresses, or just over 16 million. That's not enough to
> go round, even within a single company. Comcast has 22.3 million
> subscribers. Even with the additional 1.06 million from the other two ranges,
> they say they exhausted RFC1918 private addresses - in 2005.
>
> Thankfully IPv6 gets us out of this mess...


....but into another one, if we're not careful. With so many addresses
that NAT isn't needed, it would be possible for every connected device
on the planet to be uniquely identifiable. Think of the possibilities
if the authorities who would like to plot our every move manage to
work out how to make use of that.

Rod.
  #28  
Old February 14th 19, 11:13 AM posted to uk.telecom.broadband
NY

"Theo" wrote in message
...
> Optimist wrote:
>> Why were 172.16.x.x and 192.168.x.x allocated as private ranges? Surely
>> every routable IP address can just use 10.x.x.x anyway?
>
> 10.0.0.0/8 is 2^24 addresses, or just over 16 million. That's not enough
> to go round, even within a single company. Comcast has 22.3 million
> subscribers. Even with the additional 1.06 million from the other two
> ranges, they say they exhausted RFC1918 private addresses - in 2005.


Er, hang on. 10.0.x.x and 192.168.x.x are *non-routable* addresses, to be
used on the private LAN side of a router. So you only need as many addresses
as you have devices in your LAN (eg within an office block served by a
single router). That's totally separate from running out of IPv4 routable
addresses as used on the public WAN side of a router.

I never understood why IPv6 was designed the way it was. Yes, increase the
address to 6 rather than 4 bytes to give more WAN addresses, but why did
they then go and spoil things by getting rid of WAN-to-LAN
address-translation (NAT). If all traffic on the LAN becomes public, it
means that the onus for firewalling is devolved to every single device,
instead of being performed by the router. I would have expected IPv6 to
still use NAT and IPv4 addresses within the LAN, even though the router's
WAN address is IPv6.

Thinking of IPv4, I wonder how many domestic (non-office) routers allow you
to allocate 2-byte subnet addresses rather than 1-byte addresses - so you
get more than just 192.168.0.1-192.168.0.254 (254 addresses) and can use
192.168.1.x and 192.168.2.x for up to 64 K LAN addresses (ie a subnet mask
of 255.255.0.0 rather than 255.255.255.0).

A company that I worked for in 2000 supplied pre-configured servers to
customers, and the DHCP server was set to hand out 10.0.x.x addresses rather
than 192.168.x.x addresses. It was a serious offence to connect one of those
servers (accidentally) to the company LAN, because you then had two DHCP
servers running, handing out addresses in different subnets - it was pot
luck whether a PC on the company LAN then got a company-LAN 192 address or a
server-generated 10 address. I did it once - luckily I realised within a few
seconds and yanked the LAN cable out, but there was a bulletin sent out by
Site Services later saying that they'd experienced a brief network outage,
so I had to own up. They thanked me for being honest and for rectifying it
immediately; they'd had problems the previous year when someone had done the
same as me but hadn't realised what they'd done and it took several hours to
track down the rogue server.

Is there any advantage in having a server computer generate DHCP addresses
rather than letting a router do it, given the big problem if more than one
of those servers gets on the same LAN by accident?

  #29  
Old February 14th 19, 11:21 AM posted to uk.telecom.broadband
NY

"NY" wrote in message
o.uk...
> A company that I worked for in 2000 supplied pre-configured servers to
> customers, and the DHCP server was set to hand out 10.0.x.x addresses
> rather than 192.168.x.x addresses. It was a serious offence to connect one
> of those servers (accidentally) to the company LAN, because you then had
> two DHCP servers running, handing out addresses in different subnets - it
> was pot luck whether a PC on the company LAN then got a company-LAN 192
> address or a server-generated 10 address. I did it once - luckily I
> realised within a few seconds and yanked the LAN cable out, but there was
> a bulletin sent out by Site Services later saying that they'd experienced
> a brief network outage, so I had to own up. They thanked me for being
> honest and for rectifying it immediately; they'd had problems the previous
> year when someone had done the same as me but hadn't realised what they'd
> done and it took several hours to track down the rogue server.
>
> Is there any advantage in having a server computer generate DHCP addresses
> rather than letting a router do it, given the big problem if more than one
> of those servers gets on the same LAN by accident?


Come to think of it, does the DHCP protocol include any guard against this
happening - for instance by checking at startup and frequently after that to
make sure that it is the *only* DHCP server that is "visible"?

  #30  
Old February 14th 19, 12:00 PM posted to uk.telecom.broadband
Richard Tobin

NY wrote:

> Come to think of it, does the DHCP protocol include any guard against this
> happening - for instance by checking at startup and frequently after that to
> make sure that it is the *only* DHCP server that is "visible"?


There's no need for anything special in the protocol - you can just
send out a DHCP request and see what responds. There appear to be
numerous tools that can monitor for "rogue" DHCP servers, though I've
not had occasion to use one.

-- Richard
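
The "send out a DHCP request and see what responds" check from the post above, as an added example that is not part of the original thread and is not one of the monitoring tools it mentions. It builds a DHCPDISCOVER, parses each reply for its server identifier (option 54) and reports any offer from a server not on an allow-list; all function names and the allow-list idea are assumptions made for illustration.

```python
import ipaddress, socket, struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def bootp(op, xid, mac, yiaddr, options):
    """236-byte BOOTP header, magic cookie, options, end marker (255)."""
    addr = ipaddress.IPv4Address(yiaddr).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                      bytes(4), addr, bytes(4), bytes(4), mac, b"", b"")
    return hdr + MAGIC + options + b"\xff"

def build_discover(mac, xid):
    return bootp(1, xid, mac, "0.0.0.0", bytes([53, 1, 1]))  # option 53 = DISCOVER

def parse_reply(pkt):
    """Return (xid, offered ip, message type, server id), or None if malformed."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:  # pad option: one byte, no length field
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(53, b"")) != 1 or len(opts.get(54, b"")) != 4:
        return None
    return (int.from_bytes(pkt[4:8], "big"), str(ipaddress.IPv4Address(pkt[16:20])),
            opts[53][0], str(ipaddress.IPv4Address(opts[54])))

def rogue_offers(replies, xid, authorised):
    """(server id, offered ip) for DHCPOFFERs to our xid from unlisted servers."""
    parsed = [p for p in map(parse_reply, replies) if p]
    return sorted({(srv, ip) for x, ip, mtype, srv in parsed
                   if x == xid and mtype == 2 and srv not in authorised})

def probe(mac, xid, wait=3.0):
    """Broadcast one DISCOVER, return raw replies (binding port 68 needs privilege)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.bind(("", 68))
        s.settimeout(wait)
        s.sendto(build_discover(mac, xid), ("255.255.255.255", 67))
        replies = []
        try:
            while True:
                replies.append(s.recvfrom(1500)[0])
        except socket.timeout:
            return replies
```

On your own LAN, `rogue_offers(probe(mac, xid), xid, {"192.168.1.1"})` lists every server that answered apart from the one you expect; the address in the set is a placeholder for your router or DHCP server. An empty list means only authorised servers replied within the wait period.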
 



