ACLs / Filter Lists - Best Practices

Nicolas FISCHBACH nicolist at
Wed Nov 28 18:26:18 UTC 2001

John McBrayne wrote:
> Is anyone aware of any current "best practices" related to the
> recommended set of filtering rules (Cisco ACL lists or Juniper filter
> sets) for reasons of Security, statistics collection, DoS attack
> analysis/prevention, etc.?  I'm curious to see if there are any such
> recommendations for Tier 1/Tier 2 backbone routers, peering points,
> etc., as opposed to CPE terminations or Enterprise/LAN equipment
> recommendations.
> Actual config file examples would be great, if they exist.

Protecting your IP network infrastructure (talk @BlackHat Briefings)
(how to secure Cisco routers and (multi-layer) switches running IOS,
CatOS, CatIOS and the networks they interconnect) :

Any feedback, comments, fixes, ideas are welcome :-)

Nicolas FISCHBACH (nico at <>
Senior IP&Security Engineer - Professional Services - COLT Telecom AG
Securite.Org Team <>

More information about the NANOG mailing list