nanog mailing list archives

Re: ACLs / Filter Lists - Best Practices


From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Wed, 28 Nov 2001 01:32:58 +0000 (GMT)


Date: Tue, 27 Nov 2001 15:37:18 -0800
From: John McBrayne <mcbrayne () caspiannetworks com>

Is anyone aware of any current "best practices" related to the
recommended set of filtering rules (Cisco ACL lists or Juniper filter
sets) for reasons of Security, statistics collection, DoS attack
analysis/prevention, etc.?  I'm curious to see if there are any such
recommendations for Tier 1/Tier 2 backbone routers, peering points,
etc., as opposed to CPE terminations or Enterprise/LAN equipment
recommendations.

Actual config file examples would be great, if they exist.

_Rob's Articles Collection_ makes a great start:

        http://www.cymru.com/~robt/Docs/Articles/

Have fun.


HTH,
Eddy

---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.

