Michel Renfer wrote: > > Hi All! Hi, > What type of filtering do you do to prevent your network from > unwanted broadband-user-traffic? > > I'm currently on the way to review our current settings on the > interface to our backbone: > > - allow only active subnets > - deny rcf1918
Depends which way you want to go :) Allow or deny by default. RC1918 has been "extended" in the following Internet Draft: http://www.ietf.org/internet-drafts/draft-manning-dsua-07.txt but this ID never made to a RFC. > - deny all netbios stuff > - deny snmp Application based filtering is, like ICMP message filtering, a source of dispute. YMMReallyV :) uRPF is interesting in the access layer, in the core it may become a bit more complex but some options (like loose check instead of strict check and/or some excludes with ACLs really help). Some more details here, slides 24-25 and 34-35: http://www.securite.org/presentations/secip/ We will present it during SwiNOG-4, so if you have some feedback, ideas or questions, please send them so that we can prepare good answers ;-) Nico. -- Nicolas FISCHBACH ([EMAIL PROTECTED]) <http://www.securite.org/nico/> IP Engineering Manager - COLT Telecom AG Securite.Org Team <http://www.securite.org/> ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
