BCP for ISP to block worms at PEs and NAS
J.D. Falk
jdfalk at cybernothing.org
Sun Apr 17 17:05:01 UTC 2005
On 04/17/05, Randy Bush <randy at psg.com> wrote:
> > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
> > I have the ACL below applied on many network devices to block the
> > common worms ports,
>
> if you are a service provider, perhaps filtering in the core will
> not be appreciated by some customers. of course, as a provider,
> you can choose what 'service' you are providing. but, if you
> filter ports, it is not clear you are providing internet service.
In practice, it is nearly certain that your users won't care (or
even notice) -- but grumpygeeks will argue about it anyway.
--
J.D. Falk As a carpenter bends the seat of a chariot
<jdfalk at cybernothing.org> I bend this frenzy round my heart.
More information about the NANOG
mailing list