Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Sean Donelan
On Sun, 17 Apr 2005, Randy Bush wrote: > celebrate diversity (aka i wish all my competitors did that:-) What did people think would happen if they try to hold third-parties liable for the actions of others? Third-parties have very little interest in defending your diversity. And if the FCC star

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Randy Bush
> interesting... every time we have filtered in the core we've gotten > complaints, I believe many folks filtered/rate-limited in their cores for > welchia/nachia and got bunches of complaints about it as well... Hrm, > maybe all of these folks are just grumpy-geeks? i suspect that the remaining s

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Christopher L. Morrow
On Sun, 17 Apr 2005, Randy Bush wrote: > >>> On my Cisco-based SP network with RPMs in MGX chassis acting as > >>> PEs: I have the ACL below applied on many network devices to > >>> block the common worms ports, > >> if you are a service provider, perhaps filtering in the core > >> will not be a

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Christopher L. Morrow
On Sun, 17 Apr 2005, J.D. Falk wrote: > > On 04/17/05, John Kristoff <[EMAIL PROTECTED]> wrote: > > > > deny tcp any any range 135 139 > > > deny udp any any range 135 netbios-ss > > > deny tcp any any eq 445 > > > deny udp any any eq 1026 > > > > Similar as before, you are going to

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Christopher L. Morrow
On Sun, 17 Apr 2005, J.D. Falk wrote: > > On 04/17/05, Randy Bush <[EMAIL PROTECTED]> wrote: > > > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: > > > I have the ACL below applied on many network devices to block the > > > common worms ports, > > > > if you are a service

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Sean Donelan
On Sun, 17 Apr 2005, Christopher L. Morrow wrote: > one approach might be radius installed filters? some contract language to > allow 'customers' to request standard templated filters at little/no-extra > cost to them. Allow them to make the decision to filter themselves (where > 'themselves' may

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread John Kristoff
On Sun, 17 Apr 2005 13:00:30 -0700 "J.D. Falk" <[EMAIL PROTECTED]> wrote: > > > deny udp any any eq 1026 > > > > Similar as before, you are going to be removing some legitimate > > traffic. > > Is this really true? All of the ports listed above are used by > LAN protocols that w

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "J.D. Falk" writes: > >On 04/17/05, John Kristoff <[EMAIL PROTECTED]> wrote: > >> > deny tcp any any range 135 139 >> > deny udp any any range 135 netbios-ss >> > deny tcp any any eq 445 >> > deny udp any any eq 1026 >> >> Similar as before, you are go

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread J.D. Falk
On 04/17/05, John Kristoff <[EMAIL PROTECTED]> wrote: > > deny tcp any any range 135 139 > > deny udp any any range 135 netbios-ss > > deny tcp any any eq 445 > > deny udp any any eq 1026 > > Similar as before, you are going to be removing some legitimate > traffic. Is this

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread John Kristoff
On Sun, 17 Apr 2005 13:28:21 +0200 Kim Onnel <[EMAIL PROTECTED]> wrote: > I have the ACL below applied on many network devices to block the > common worms ports, Beware, you are guaranteed to be blocking other, legitimate things too with some of these rules. More below. > ip access-list extend

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Kim Onnel
Even if they care, it's consuming a lot of CPU resources and bandwidth. I had a long quarrel with my team members on whether we should do it or not. I understand that if we only provide best-effort traffic without any filtering contracted it's wrong to do it, but the ACL matches are so big, doing it on the

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread J.D. Falk
On 04/17/05, Randy Bush <[EMAIL PROTECTED]> wrote: > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: > > I have the ACL below applied on many network devices to block the > > common worms ports, > > if you are a service provider, perhaps filtering in the core will > not b

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Randy Bush
>>> On my Cisco-based SP network with RPMs in MGX chassis acting as >>> PEs: I have the ACL below applied on many network devices to >>> block the common worms ports, >> if you are a service provider, perhaps filtering in the core >> will not be appreciated by some customers. of course, as a >> p

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Christopher L. Morrow
On Sun, 17 Apr 2005, Randy Bush wrote: > > > On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: > > I have the ACL below applied on many network devices to block the > > common worms ports, > > if you are a service provider, perhaps filtering in the core will > not be appreciat

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Randy Bush
> On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: > I have the ACL below applied on many network devices to block the > common worms ports, if you are a service provider, perhaps filtering in the core will not be appreciated by some customers. of course, as a provider, you c

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Suresh Ramasubramanian
On 4/17/05, Kim Onnel <[EMAIL PROTECTED]> wrote: > > Can someone confirm if my approach explained below is sufficient and > if there are other/better ways to do this? Something I am missing. > blocking netbios and 2..3 other ports is one way to go. however, what you need is fast detection and

BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread Kim Onnel
Hello, Can someone confirm if my approach explained below is sufficient and if there are other/better ways to do this? Something I am missing. On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: I have the ACL below applied on many network devices to block the common worms port