Not sure how many places you intend to post this or related messages, but if you've got a problem vote with your money. Whining to NANOG and a slew of other mailing lists and still giving money to Qwest seems silly to me...

Likewise, the Qwest folks likely aren't quite as clueless as you've attempted to portray them over the last few days, silly policies (policies that are clearly in place for a reason) can be fixed -- and I assure you, above all else, money talks...

-danny

On Thursday, August 28, 2003, at 09:25 PM, John Brown wrote:
Seems like QWEST doesn't have any edge ACLs in place to deal with this lovely worm issue.

Count  Source Prefix, rounded up to a /16
  144  208.46.0.0
  199  65.114.0.0
  347  208.45.0.0
  462  65.118.0.0
  486  65.119.0.0
  702  208.44.0.0
 ----
 2340  TOTAL Packets out of 2500 for 2 seconds
This is ICMP and TCP MS bad traffic for a 2500 packet capture on a DS1 that is directly connected to Qwest. Ergo, Qwest is the transit provider. Capture period was about 2 seconds. ICK
According to Qwest Tech/Noc people they can't leave filters up for more than 1 day.
Given that this worm has lasted more than 1 day, I'd think it's reasonable to leave filters up for say more than one day ????
The other thing I learned from QWEST IP-NOC was that it seems management decided *NOT TO* filter packets related to this worm issue at the edge......
john brown AS 10480 and others