On 2013-07-03 3:57 PM, "Brandon Ross" <bross@pobox.com> wrote:
Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network.
It's time we created a BCOP specifying that default gateway functionality be disabled or removed in all network deployments, in the interest of security. Security improvements realized in the last few years by dropping all ICMP and TCP DNS at firewall boundaries, not to mention universal deployment of NAT, were just the first few steps to creating a much more secure Internet.
Once disablement of default gateway functionality has been become a common practice, the natural reduction in traffic on the Internet should allow most operators to achieve enormous cost savings by powering off all of their equipment.
Awesome - sorry, can't resistĀ. :) Paul