On Tue, Mar 12, 2002 at 12:06:02PM +0100, Michel Renfer wrote: > Hi All! > > What type of filtering do you do to prevent your network from > unwanted broadband-user-traffic? > > I'm currently on the way to review our current settings on the > interface to our backbone: > > - allow only active subnets
yes > - deny rcf1918 yes but #1 imply denying it implicitly > - deny all netbios stuff > - deny snmp hmm no, personnaly I'm not in favor of any service filtering. I began beeing in the broadband world by beeing a customer, I would have hated my cable ISP if it was denying some traffic in bulk, while I would have used snmp/wins for gaining some knowledge about the protocols, between home and school for example. True, snmp and netbios on long haul are usually ''hack'' attempt, still somme people use the for doing Good Things :) Educating peoples takes a long time, but that's the price to pay for not falling in simplistic approach putting all customers in the same basket. That's just my opinion. > any comments/hints? is anybody using rpf? yes, I've been using it at urbanet since it was available in IOS, very nice, low overhead on central CPU routers. Can't says if they still use it. you just have to be carefull to activate it wher it can be :) I replaced ingress ACL with it and it was very successfull. cheers. -- Philippe Strauss http://philou.ch/ L'indiff�rence est le plus grand risque de notre temps, la forme civilis�e de la cruaut�. -- Zenta Maurina -- ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
