nanog mailing list archives
Re: Ciena 6200 clue?
From: Brandon Ross <bross () pobox com>
Date: Wed, 3 Jul 2013 15:57:40 -0400 (EDT)
On Tue, 2 Jul 2013, Jason Lixfeld wrote:
The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface.
Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network.
It's time we created a BCOP specifying that default gateway functionality be disabled or removed in all network deployments, in the interest of security. Security improvements realized in the last few years by dropping all ICMP and TCP DNS at firewall boundaries, not to mention universal deployment of NAT, were just the first few steps to creating a much more secure Internet.
Once disablement of default gateway functionality has been become a common practice, the natural reduction in traffic on the Internet should allow most operators to achieve enormous cost savings by powering off all of their equipment.
-- Brandon Ross Yahoo & AIM: BrandonNRoss +1-404-635-6667 ICQ: 2269442 Schedule a meeting: https://doodle.com/bross Skype: brandonross
Current thread:
- Ciena 6200 clue? Jason Lixfeld (Jul 02)
- Re: Ciena 6200 clue? Jeff Shultz (Jul 02)
- Re: Ciena 6200 clue? Christopher Morrow (Jul 02)
- Re: Ciena 6200 clue? Brandon Ross (Jul 03)
- Re: Ciena 6200 clue? Paul Stewart (Jul 03)
- Re: Ciena 6200 clue? Jeff Shultz (Jul 03)
- Re: Ciena 6200 clue? Jeff Shultz (Jul 03)
- Re: Ciena 6200 clue? Paul Stewart (Jul 03)
- Re: Ciena 6200 clue? Phil Bedard (Jul 03)
- Re: Ciena 6200 clue? Erik Muller (Jul 03)
- Message not available
- Re: Ciena 6200 clue? Bryan Fields (Jul 03)
- Re: Ciena 6200 clue? Christopher Morrow (Jul 03)
- Message not available
- Re: Ciena 6200 clue? Bryan Fields (Jul 04)
- Re: Ciena 6200 clue? Jeff Shultz (Jul 02)
- <Possible follow-ups>
- Re: Ciena 6200 clue? Larry Sheldon (Jul 02)