nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BCP for ISP to block worms at PEs and NAS

From: "J.D. Falk" <jdfalk () cybernothing org>
Date: Sun, 17 Apr 2005 10:05:01 -0700

On 04/17/05, Randy Bush <randy () psg com> wrote: 


On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
I have the ACL below applied on many network devices to block the
common worms ports,


if you are a service provider, perhaps filtering in the core will
not be appreciated by some customers.  of course, as a provider,
you can choose what 'service' you are providing.  but, if you
filter ports, it is not clear you are providing internet service.


        In practice, it is nearly certain that your users won't care (or
        even notice) -- but grumpygeeks will argue about it anyway.

-- 
J.D. Falk                           As a carpenter bends the seat of a chariot
<jdfalk () cybernothing org>                    I bend this frenzy round my heart.
Previous By Date Next
Previous By Thread Next

Current thread: