[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
Barry Greene (bgreene) ha scritto:
> Section 6 is evolving to a BCP through providers deployment. So it is
> DOS is one reason. If I cannot target the infrastructure, then I cannot
> attack the infrastructure. I suggest rephrasing this to not be about DOS
> and to be more generic. For examples, port scans go away with
> application of many of the core hiding techniques.
I agree on all.
Modern isp network architecture deeply use MPLS in core, in some case
public ip adrress are used at network edge, internet front-end to E-LSR,
and not in core, so this can be a reason for core hiding.