Ciena 6200 clue?
jeffshultz at wvi.com
Wed Jul 3 20:03:46 UTC 2013
On 7/3/2013 1:00 PM, Paul Stewart wrote:
> On 2013-07-03 3:57 PM, "Brandon Ross" <bross at pobox.com> wrote:
>> Everyone knows that attacks against your management interface come
>> from devices not on your management network. By removing the
>> default gateway feature, Ciena is improving the security of your
>> It's time we created a BCOP specifying that default gateway
>> functionality be disabled or removed in all network deployments, in
>> the interest of security. Security improvements realized in the
>> last few years by dropping all ICMP and TCP DNS at firewall
>> boundaries, not to mention universal deployment of NAT, were just
>> the first few steps to creating a much more secure Internet.
>> Once disablement of default gateway functionality has been become
>> a common practice, the natural reduction in traffic on the Internet
>> should allow most operators to achieve enormous cost savings by
>> powering off all of their equipment.
> Awesome - sorry, can't resistŠ. :)
Ah, somehow my eyeballs glazed over the excellent sarcasm that was made
evident in the last paragraph....
Either way, my point remains: I want the option. I suspect I'm not alone...
More information about the NANOG