nanog mailing list archives

RE: Customer-facing ACLs


From: "Scott Weeks" <surfer () mauigateway com>
Date: Wed, 12 Mar 2008 16:39:10 -0700



--- frnkblk () iname com wrote: --------------------

We have a two-dozen line long ACL applied to our CMTS and BRAS blocking
Windows and "virus" ports and have never had a complaint or a problem.  We
do have a more sophisticated residential or large-biz customers ask, but
----------------------------------------

I'd like to ask the same question of you that I just did to Chris.  How'd
you implement that or has it been there since the network was new?


------ frnkblk () iname com wrote:  ------------
From: "Frank Bulk - iNAME" <frnkblk () iname com>

Those ACLs were added when I came on board.  Again, only one complaint in 3+
years.
--------------------------------------------

Do you mean they were already there when you arrived, or do you mean you just put in ACLs after arriving?  No research 
into traffic?  No contact to customers?  No elaborating to the less technical folks in the company about what was going 
to happen?  etc...

We have over 100k DSL folks and most're DHCP.  I'd be afraid to do that without research into the traffic via "permit 
TCP NNN log" type ACLs and other methods.  

I believe I will take Sean D's suggestion and read MAAWG's docs.  Makes me wonder, though, if we took over the Hawaii
part of VZ's network and it was completely open, does that mean the rest of their network is similarly open?

scott  

