nanog mailing list archives
Re: Customer-facing ACLs
From: Jo Rhett <jrhett () netconsonance com>
Date: Mon, 10 Mar 2008 23:27:23 -0700
Justin Shore wrote:
I'm assuming everyone uses uRPF at all their edges already so that eliminates the need for specific ACEs with ingress/egress network verification checks.
ha. I only wish that was true.We do filter all customer ports for IPs we believe from them, but darn few other providers do. (as based on my conversations with many providers when tracking down attacks from their networks)
That said, we filter nothing else.
Frags are explicitly dropped before any permits.
...? So you have no real, production sites?
Current thread:
- Re: Customer-facing ACLs, (continued)
- Re: Customer-facing ACLs Kameron Gasso (Mar 07)
- RE: Customer-facing ACLs Frank Bulk (Mar 07)
- Re: Customer-facing ACLs Kameron Gasso (Mar 07)
- Re: Customer-facing ACLs Valdis . Kletnieks (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- RE: Customer-facing ACLs Tim Sanderson (Mar 07)
- Re: Customer-facing ACLs Dan Armstrong (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Robert Beverly (Mar 07)
- Re: Customer-facing ACLs Danny McPherson (Mar 07)
- Re: Customer-facing ACLs Mark Tinka (Mar 08)
- Re: Customer-facing ACLs Adrian Chadd (Mar 10)
- Re: Customer-facing ACLs Jo Rhett (Mar 10)
- Re: Customer-facing ACLs Christopher Morrow (Mar 11)
- Re: Customer-facing ACLs Scott Weeks (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Dave Pooser (Mar 07)
- Re: Customer-facing ACLs Joel Jaeggli (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Scott Weeks (Mar 07)
- RE: Customer-facing ACLs Carpenter, Jason (Mar 07)
- Re: Customer-facing ACLs Dave Pooser (Mar 07)
- Re: Customer-facing ACLs Andy Dills (Mar 07)
- Re: Customer-facing ACLs Dave Pooser (Mar 07)