BCP for ISP to block worms at PEs and NAS

J.D. Falk jdfalk at cybernothing.org
Sun Apr 17 17:05:01 UTC 2005


On 04/17/05, Randy Bush <randy at psg.com> wrote: 

> > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
> > I have the ACL below applied on many network devices to block the
> > common worms ports,
> 
> if you are a service provider, perhaps filtering in the core will
> not be appreciated by some customers.  of course, as a provider,
> you can choose what 'service' you are providing.  but, if you
> filter ports, it is not clear you are providing internet service.

	In practice, it is nearly certain that your users won't care (or
	even notice) -- but grumpygeeks will argue about it anyway.

-- 
J.D. Falk                           As a carpenter bends the seat of a chariot
<jdfalk at cybernothing.org>                    I bend this frenzy round my heart.



More information about the NANOG mailing list