nanog mailing list archives

Re: BCP for ISP to block worms at PEs and NAS


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Mon, 18 Apr 2005 02:19:11 +0000 (GMT)



On Sun, 17 Apr 2005, J.D. Falk wrote:


> On 04/17/05, Randy Bush <randy () psg com> wrote:
>
> > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
> > > I have the ACL below applied on many network devices to block the
> > > common worms ports,
> >
> > if you are a service provider, perhaps filtering in the core will
> > not be appreciated by some customers.  of course, as a provider,
> > you can choose what 'service' you are providing.  but, if you
> > filter ports, it is not clear you are providing internet service.
>
> In practice, it is nearly certain that your users won't care (or
> even notice) -- but grumpygeeks will argue about it anyway.

interesting... every time we have filtered in the core we've gotten
complaints, I believe many folks filtered/rate-limited in their cores for
welchia/nachia and got bunches of complaints about it as well... Hrm,
maybe all of these folks are just grumpy-geeks?

