Ciena 6200 clue?
bross at pobox.com
Wed Jul 3 19:57:40 UTC 2013
On Tue, 2 Jul 2013, Jason Lixfeld wrote:
> The SE who's onsite is apparently claiming that there is no provision to
> set a default gateway on the management interface.
Everyone knows that attacks against your management interface come from
devices not on your management network. By removing the default gateway
feature, Ciena is improving the security of your network.
It's time we created a BCOP specifying that default gateway functionality
be disabled or removed in all network deployments, in the interest of
security. Security improvements realized in the last few years by
dropping all ICMP and TCP DNS at firewall boundaries, not to mention
universal deployment of NAT, were just the first few steps to creating a
much more secure Internet.
Once disablement of default gateway functionality has been become a common
practice, the natural reduction in traffic on the Internet should allow
most operators to achieve enormous cost savings by powering off all of
Brandon Ross Yahoo & AIM: BrandonNRoss
+1-404-635-6667 ICQ: 2269442
Schedule a meeting: https://doodle.com/bross Skype: brandonross
More information about the NANOG