Infrastructure Filtering (was Re: Patching for Cisco vulnerability)

Niels Bakker niels=nanog at bakker.net
Fri Jul 18 23:19:03 UTC 2003


* chris at UU.NET (Christopher L. Morrow) [Sat 19 Jul 2003, 01:03 CEST]:
> hrm, what nodes don't run 55/53/77/103? What do? Do you have a list? Could
> we have it?

I'm sure you know what devices in your network run Mobile IP or Sun ND
(to paraphrase Randy Bush, you can probably count them on the fingers
 of your nose).

Router#conf t
Router(config)#ip receive-acl 10 no-idiocy


> Seriously though... the edge networks (as Jared pointed out) should be
> able to decide what they want to filter and what they don't... perhaps
> some large ISP would decide you don't want any traffic from 212/8 or
> perhaps all porn? Or all religious material? You don't want someone
> deciding what you do and don't get... unless that someone is you :)

That's why I said that transit networks could filter only towards their
own infrastructure.


> yes... inside my network I know what my loopbacks and links are, inside
> yours?? No idea... or Jared's or Tim Battles or...

Luckily it's not your responsibility to protect them (only to intervene
when advised they're under attack, which I've heard you're doing a very
good job at - but that aside).

Regards,


	-- Niels.

-- 
"The time of getting fame for your name on its own is over. Artwork that
 is only about wanting to be famous will never make you famous. Any fame
 is a bi-product of making something that means something. You don't go to
 a restaurant and order a meal because you want to have a shit." -- Banksy


