[79853] in North American Network Operators' Group


BCP for ISP to block worms at PEs and NAS

daemon@ATHENA.MIT.EDU (Kim Onnel)
Sun Apr 17 07:28:49 2005

Date: Sun, 17 Apr 2005 13:28:21 +0200
From: Kim Onnel <karim.adel@gmail.com>
Reply-To: Kim Onnel <karim.adel@gmail.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


Hello,

Can someone confirm if my approach explained below is sufficient and
if there are other/better ways to do this? Something I am missing.

On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:

I have the ACL below applied on many network devices to block the
common worm ports.

On the NAS, I have placed the worms ACL on the Group-Async interfaces so
the worms will not propagate between users who dial up on the same NAS,
and on the uplink Ethernet interface (in and out).

On the PEs, I have placed it on the interface switches for the
customers and on the uplink too, and then on the aggregating routers
and on the gateway for all these.

ip access-list extended worms
 deny   tcp any any eq 5554
 deny   tcp any any range 135 139
 deny   udp any any range 135 netbios-ss
 deny   tcp any any eq 445
 deny   udp any any eq 1026
 permit ip any any


Regards
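To see which flows the posted ACL actually catches, here is an added example (not part of the original post, and not a Cisco tool) that parses the ACL text above with the subset of IOS extended-ACL syntax it uses, applies first-match semantics with the implicit trailing deny, and classifies a few constructed flows. The port-name table (netbios-ns, netbios-dgm, netbios-ss) is an assumption built for this example; the evaluator only looks at protocol and destination port, because that is all the posted entries match on.

```python
"""Evaluate a Cisco-style extended ACL against sample flows.

Added example, not from the original NANOG post. Implements only the
subset of IOS extended-ACL syntax the posted ACL uses: permit/deny,
protocol ip/tcp/udp, 'any' source and destination, and a destination-port
qualifier 'eq <port>' or 'range <lo> <hi>'. Port names are resolved from a
small constructed table.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed name table covering the IOS port names used in the posted ACL.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

# The ACL exactly as posted.
ACL_TEXT = """\
ip access-list extended worms
 deny   tcp any any eq 5554
 deny   tcp any any range 135 139
 deny   udp any any range 135 netbios-ss
 deny   tcp any any eq 445
 deny   udp any any eq 1026
 permit ip any any
"""


@dataclass
class Entry:
    action: str                        # "permit" or "deny"
    proto: str                         # "ip", "tcp" or "udp"
    dport: Optional[Tuple[int, int]]   # inclusive destination-port range, or None


def port_value(tok: str) -> int:
    """Resolve an IOS port name or a numeric port string to an integer."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_acl(text: str) -> List[Entry]:
    """Parse 'permit|deny <proto> any any [eq P | range LO HI]' lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "ip":      # skip blank lines and the header
            continue
        action, proto = tok[0], tok[1]
        # tok[2] and tok[3] are source and destination ("any" throughout)
        dport = None
        if len(tok) > 4:
            if tok[4] == "eq":
                p = port_value(tok[5])
                dport = (p, p)
            elif tok[4] == "range":
                dport = (port_value(tok[5]), port_value(tok[6]))
            else:
                raise ValueError(f"unsupported qualifier in: {raw!r}")
        entries.append(Entry(action, proto, dport))
    return entries


def evaluate(entries: List[Entry], proto: str, dport: int) -> str:
    """First matching entry wins; IOS applies an implicit deny after the last line."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if e.dport is not None and not (e.dport[0] <= dport <= e.dport[1]):
            continue
        return e.action
    return "deny"   # implicit deny at the end of every IOS ACL


def classify_flows(flows):
    """Map each (proto, dport) flow to the action the posted ACL takes on it."""
    acl = parse_acl(ACL_TEXT)
    return {(p, d): evaluate(acl, p, d) for p, d in flows}


if __name__ == "__main__":
    # Constructed sample flows: some worm-associated ports, some ordinary traffic.
    sample = [("tcp", 445), ("udp", 138), ("tcp", 80),
              ("udp", 1026), ("tcp", 5554), ("udp", 53)]
    for (proto, port), action in classify_flows(sample).items():
        print(f"{proto}/{port}: {action}")
```

Running it shows, for instance, that the single `udp range 135 netbios-ss` line covers netbios-ns, netbios-dgm and netbios-ss together, while a flow to udp/140 or tcp/80 falls through to the `permit ip any any` line. Since the parser mirrors the posted entries, it is a quick way to sanity-check what such an ACL does and does not match before pushing it to many interfaces.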
