North American Network Operators Group

Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability)

  • From: Niels Bakker
  • Date: Fri Jul 18 19:20:54 2003

* [email protected] (Christopher L. Morrow) [Sat 19 Jul 2003, 01:03 CEST]:
> hrm, what nodes don't run 55/53/77/103? What do? Do you have a list? Could
> we have it?

I'm sure you know what devices in your network run Mobile IP or Sun ND
(to paraphrase Randy Bush, you can probably count them on the fingers
 of your nose).

Router#conf t
Router(config)#ip receive-acl 10 no-idiocy


> Seriously though... the edge networks (as Jared pointed out) should be
> able to decide what they want to filter and what they don't... perhaps
> some large ISP would decide you don't want any traffic from 212/8 or
> perhaps all porn? Or all religious material? You don't want someone
> deciding what you do and don't get... unless that someone is you :)

That's why I said that transit networks could filter only towards their
own infrastructure.


> yes... inside my network I know what my loopbacks and links are, inside
> yours?? No idea... or Jared's or Tim Battles or...

Luckily it's not your responsibility to protect them (only to intervene
when advised they're under attack, which I've heard you're doing a very
good job at - but that aside).

Regards,


	-- Niels.

-- 
"The time of getting fame for your name on its own is over. Artwork that
 is only about wanting to be famous will never make you famous. Any fame
 is a by-product of making something that means something. You don't go to
 a restaurant and order a meal because you want to have a shit." -- Banksy