[dns-operations] Configurable TC=1?
Mark Andrews
marka at isc.org
Thu Dec 24 02:00:10 UTC 2015
In message <20151224012601.GA9448 at mycre.ws>, Robert Edmonds writes:
> Mark Andrews wrote:
> > Encouraging all DSL and Cable forum members to have *all* equipment
> > they produce support BCP 38 filtering at line rate is a good way
> > to start. This may already be being done. This gets rid of the
> > "it costs more to buy BCP 38 filtering capable equipment" excuse.
> > If is doesn't support "BCP 38 filtering" it doesn't get the stamp
> > of approval.
>
> Done, at least for cable.
>
> http://www.cablelabs.com/wp-content/uploads/specdocs/CM-SP-SECv3.0-I14-120809.pdf
>
> Data-Over-Cable Service Interface Specifications
> DOCSIS 3.0
>
> Security Specification
>
> [...]
>
> 9.6 Source Address Verification
>
> [...] The CMTS MUST be capable of being configured to enable and
> disable SAV. By default, the CMTS MUST enable SAV. [...]
>
> Anyway, what makes you so sure spoofing in DSL and cable access networks
> is a real problem, compared to say spoofed traffic from compromised
> "dedicated servers" sitting in data centers?
I'm not sure. It just removes a huge set of addresses.
> --
> Robert Edmonds
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list