Even if they care, its consuming alot of CPU resources and bandwidth, i had a long quarrel with my teams members on should we do it or not, i understand that if we only provide best effort traffic without any filtering contracted its wrong to do it, but the ACL matches are so big, doing it on the Radius however is one nice other way to do it IMHO, there was once a worm using port 5000 which broke IPSec, and i had to modify it all over the place, same with MSSQL ports, a Centralised configuration is much better, i would like to see these methods documented anywhere (Practices for ISPs to block worms) On 4/17/05, J.D. Falk <jdfalk@cybernothing.org> wrote:
On 04/17/05, Randy Bush <randy@psg.com> wrote:
On my Cisco-based SP network with RPMs in MGX chassis acting as PEs: I have the ACL below applied on many network devices to block the common worms ports,
if you are a service provider, perhaps filtering in the core will not be appreciated by some customers. of course, as a provider, you can choose what 'service' you are providing. but, if you filter ports, it is not clear you are providing internet service.
In practice, it is nearly certain that your users won't care (or even notice) -- but grumpygeeks will argue about it anyway.
-- J.D. Falk As a carpenter bends the seat of a chariot <jdfalk@cybernothing.org> I bend this frenzy round my heart.