Re: BCP for ISP to block worms at PEs and NAS

[Kim Onnel <karim.adel () gmail com>]

Even if they care, its consuming alot of CPU resources and bandwidth,
i had a long quarrel with my teams members on should we do it or not,
i understand that if we only provide best effort traffic without any
filtering contracted its wrong to do it, but the ACL matches are so
big, doing it on the Radius however is one nice other way to do it
IMHO, there was once a worm using port 5000 which broke IPSec, and i
had to modify it all over the place, same with MSSQL ports, a
Centralised configuration is much better, i would like to see these
methods documented anywhere (Practices for ISPs to block worms)
 

On 4/17/05, J.D. Falk <jdfalk () cybernothing org> wrote:
> On 04/17/05, Randy Bush <randy () psg com> wrote:
>
> > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
> > > I have the ACL below applied on many network devices to block the
> > > common worms ports,
> >
> > if you are a service provider, perhaps filtering in the core will
> > not be appreciated by some customers.  of course, as a provider,
> > you can choose what 'service' you are providing.  but, if you
> > filter ports, it is not clear you are providing internet service.
>
>         In practice, it is nearly certain that your users won't care (or
>         even notice) -- but grumpygeeks will argue about it anyway.
>
> --
> J.D. Falk                           As a carpenter bends the seat of a chariot
> <jdfalk () cybernothing org>                    I bend this frenzy round my heart.