[dns-operations] Configurable TC=1?
marka at isc.org
Thu Dec 24 02:00:10 UTC 2015
In message <20151224012601.GA9448 at mycre.ws>, Robert Edmonds writes:
> Mark Andrews wrote:
> > Encouraging all DSL and Cable forum members to have *all* equipment
> > they produce support BCP 38 filtering at line rate is a good way
> > to start. This may already be being done. This gets rid of the
> > "it costs more to buy BCP 38 filtering capable equipment" excuse.
> > If is doesn't support "BCP 38 filtering" it doesn't get the stamp
> > of approval.
> Done, at least for cable.
> Data-Over-Cable Service Interface Specifications
> DOCSIS 3.0
> Security Specification
> 9.6 Source Address Verification
> [...] The CMTS MUST be capable of being configured to enable and
> disable SAV. By default, the CMTS MUST enable SAV. [...]
> Anyway, what makes you so sure spoofing in DSL and cable access networks
> is a real problem, compared to say spoofed traffic from compromised
> "dedicated servers" sitting in data centers?
I'm not sure. It just removes a huge set of addresses.
> Robert Edmonds
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations