North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BCP for ISP to block worms at PEs and NAS
On Sun, 17 Apr 2005, J.D. Falk wrote: > > On 04/17/05, Randy Bush <firstname.lastname@example.org> wrote: > > > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: > > > I have the ACL below applied on many network devices to block the > > > common worms ports, > > > > if you are a service provider, perhaps filtering in the core will > > not be appreciated by some customers. of course, as a provider, > > you can choose what 'service' you are providing. but, if you > > filter ports, it is not clear you are providing internet service. > > In practice, it is nearly certain that your users won't care (or > even notice) -- but grumpygeeks will argue about it anyway. interesting... everytime we have filtered in the core we've gotten complaints, I believe many folks filtered/rate-limited in their cores for welchia/nachia and got bunches of complaints about it as well... Hrm, maybe all of these folks are just grumpy-geeks?