[79864] in North American Network Operators' Group


Re: BCP for ISP to block worms at PEs and NAS

daemon@ATHENA.MIT.EDU (J.D. Falk)
Sun Apr 17 13:06:24 2005

Date: Sun, 17 Apr 2005 10:05:01 -0700
From: "J.D. Falk" <jdfalk@cybernothing.org>
To: Kim Onnel <karim.adel@gmail.com>, nanog@merit.edu
In-Reply-To: <16994.34931.795525.398958@roam.psg.com>
Errors-To: owner-nanog@merit.edu


On 04/17/05, Randy Bush <randy@psg.com> wrote: 

> > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:
> > I have the ACL below applied on many network devices to block the
> > common worms ports,
> 
> if you are a service provider, perhaps filtering in the core will
> not be appreciated by some customers.  of course, as a provider,
> you can choose what 'service' you are providing.  but, if you
> filter ports, it is not clear you are providing internet service.

	In practice, it is nearly certain that your users won't care (or
	even notice) -- but grumpygeeks will argue about it anyway.

-- 
J.D. Falk                           As a carpenter bends the seat of a chariot
<jdfalk@cybernothing.org>                    I bend this frenzy round my heart.
