[55320] in North American Network Operators' Group
Re: Is it time to block all Microsoft protocols in the core?
daemon@ATHENA.MIT.EDU (Rubens Kuhl Jr.)
Mon Jan 27 08:41:41 2003
From: "Rubens Kuhl Jr." <rkjnanog@ieg.com.br>
To: "Jack Bates" <jbates@brightok.net>, <nanog@merit.edu>
Date: Mon, 27 Jan 2003 11:40:49 -0200
Errors-To: owner-nanog-outgoing@merit.edu
| c) We buy Cisco 5200's in mass volume because they support our rural
| networks better than any other modem bank we've tried (welcome to Oklahoma
| :) and the processor on this wonderful piece of hardware will not support
| the overhead of using a per user access-list methodology to filter the
| majority and whitelist those who need the service.
Use different IP pools, one for regular users, one for whitelisted. Uplink
hop filters netbios, ms-sql, common trojan ports before they get to
customers based on destination IP being from regular pool.

Rubens
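
The pool-based filtering suggested in this reply, sketched as Cisco IOS configuration. This is an added example, not part of the original message. Pool names, address ranges, interface names and the ACL name are constructed, and the port list covers only the well-known NetBIOS and MS-SQL ports; the "common trojan ports" are left as a site-specific placeholder.

```cisco
! --- Access server (e.g. the AS5200): two address pools, no per-user ACLs ---
! Assumption: regular users get 192.0.2.0/25, whitelisted users 192.0.2.128/25
! (documentation address space, constructed for this example).
ip local pool REGULAR   192.0.2.1   192.0.2.126
ip local pool WHITELIST 192.0.2.129 192.0.2.254
!
! Pool selection per user is assumed to come from RADIUS, for example the
! Cisco AV-pair "ip:addr-pool=WHITELIST" on whitelisted accounts, with
! REGULAR as the default pool on the dial interfaces.
!
! --- Uplink hop router: one static ACL keyed on destination pool ---
ip access-list extended PROTECT-REGULAR-POOL
 remark NetBIOS name, datagram and session services
 deny   tcp any 192.0.2.0 0.0.0.127 range 137 139
 deny   udp any 192.0.2.0 0.0.0.127 range 137 139
 remark MS-SQL server and resolution service
 deny   tcp any 192.0.2.0 0.0.0.127 eq 1433
 deny   udp any 192.0.2.0 0.0.0.127 eq 1434
 remark Site-specific trojan port entries would be added here
 remark Whitelisted pool 192.0.2.128/25 matches none of the denies above
 permit ip any any
!
! Hypothetical interface facing the access servers; filtering outbound here
! drops the traffic before it reaches the modem bank.
interface FastEthernet0/1
 description Link towards dial access servers
 ip access-group PROTECT-REGULAR-POOL out
```

The access server only hands out addresses, so the filtering cost sits on the uplink router as a single fixed-length ACL that does not grow with the number of users.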