Information for equipment manufacturers

From BCP38
Jump to: navigation, search

This page is a bit shorter than the others.

[ The following is a personal opinion, and not necessarily the opinion of the staff and management of ]

If you manufacture edge concentrator equipment of any type or size -- DSLAMs, CMTSs, Resnet Switches, etc -- with any transport mechanism that hands out IP addresses, but does not implement strict unicast-rpf at port speed by default (with the option to disable it per port when necessary), then you're really just an Accessory Before to these DOS attacks.

You know which IP is valid on each port. And you've had over a decade.

And you should expect that someone will eventually eat your lunch.

Personal tools