level3 dia egress filtering?
cb.list6 at gmail.com
Tue May 13 02:02:28 UTC 2014
On May 12, 2014 6:53 PM, "Justin M. Streiner" <streiner at cluebyfour.org> wrote:
> On Mon, 12 May 2014, Bob Evans wrote:
>> Ahh, Yep, same thing port and/or protocol for an address range. I've
>> seen that accomplished via BGP. I know ATT will do it - they want about
>> more per month for that ability. All your traffic is redirected (extra
>> hops) through a firewall. So, it's a basic expensive firewall service.
>> We have done both port based and protocol. But it gets installed by hand
>> only on the connected port the customer.
> From what I've seen, most of the major carriers don't filter traffic
> outside of truly exceptional circumstances, or it's treated as a revenue
> source. If it's offered at all, it's often priced unattractively, because
> carriers often don't want to be in the firewall/port-filtering business.

All my providers provide me incident response that includes rtbh as well as
ACL and in some cases protocol rate limiting. ACL may take a while working
the phone, but rtbh is immediate.
I substantially decreased business with at&t since they do not offer rtbh.
Rtbh is really the floor on security features, and at&t is below the floor.