nanog mailing list archives

Re: level3 dia egress filtering?


From: Ca By <cb.list6 () gmail com>
Date: Mon, 12 May 2014 19:02:28 -0700

On May 12, 2014 6:53 PM, "Justin M. Streiner" <streiner () cluebyfour org> wrote:

On Mon, 12 May 2014, Bob Evans wrote:

Ahh, Yep, same thing port and/or protocol for an address range. I haven't
seen that accomplished via BGP. I know ATT will do it - they want about 2K
more per month for that ability. All your traffic is redirected (extra
hops) through a firewall. So, it's a basic expensive firewall service.

We have done both port based and protocol. But it gets installed by hand
only on the connected port of the customer.


From what I've seen, most of the major carriers don't filter traffic
outside of truly exceptional circumstances, or it's treated as a revenue
source.  If it's offered at all, it's often priced unattractively, because
carriers often don't want to be in the firewall/port-filtering business.

jms

All my providers provide me incident response that includes rtbh as well as
ACL and in some cases protocol rate limiting.  ACL may take a while working
the phone, but rtbh is immediate.

I substantially decreased business with at&t since they do not offer rtbh.
Rtbh is really the floor on security features, and at&t is below the floor.

CB

