[dns-operations] Configurable TC=1?
Robert Edmonds
edmonds at mycre.ws
Thu Dec 24 01:26:01 UTC 2015
Mark Andrews wrote:
> Encouraging all DSL and Cable forum members to have *all* equipment
> they produce support BCP 38 filtering at line rate is a good way
> to start. This may already be being done. This gets rid of the
> "it costs more to buy BCP 38 filtering capable equipment" excuse.
> If is doesn't support "BCP 38 filtering" it doesn't get the stamp
> of approval.
Done, at least for cable.
http://www.cablelabs.com/wp-content/uploads/specdocs/CM-SP-SECv3.0-I14-120809.pdf
Data-Over-Cable Service Interface Specifications
DOCSIS 3.0
Security Specification
[...]
9.6 Source Address Verification
[...] The CMTS MUST be capable of being configured to enable and
disable SAV. By default, the CMTS MUST enable SAV. [...]
Anyway, what makes you so sure spoofing in DSL and cable access networks
is a real problem, compared to say spoofed traffic from compromised
"dedicated servers" sitting in data centers?
--
Robert Edmonds
More information about the dns-operations
mailing list