On Oct 7, 2012, at 6:50 PM, Gunter Van de Velde (gvandeve) wrote: > Passive address can be used where deemed usefull for device protection while > still allowing limited troubleshooting within the network (traceroute, traps > as most important onces).
What you're describing is a policy function already encapsulated by ACLs. And in general, it seems to follow the deplorable trend of continuing to overload IP addresses with more and more significance when a) they're already grossly overloaded and b) we're supposedly going to a world of IPv6 addresses, which should imply *less* significance, not more. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
