North American Network Operators Group


BCP for ISP to block worms at PEs and NAS

  • From: Kim Onnel
  • Date: Sun Apr 17 07:29:27 2005

Hello,

Can someone confirm if my approach explained below is sufficient and
if there are other/better ways to do this? Something I am missing?

On my Cisco-based SP network with RPMs in MGX chassis acting as PEs:

I have the ACL below applied on many network devices to block the
common worm ports.

On the NAS, I have placed the worms ACL on the Group-Async interfaces so
the worms will not propagate between users who dial up on the same NAS,
and on the uplink Ethernet interface (in and out).

On the PEs, I have placed it on the interface switches for the
customers and on the uplink too, and then on the aggregating routers
and on the gateway for all of these.

ip access-list extended worms
 deny   tcp any any eq 5554
 deny   tcp any any range 135 139
 deny   udp any any range 135 netbios-ss
 deny   tcp any any eq 445
 deny   udp any any eq 1026
 permit ip any any


Regards
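To see exactly which flows the posted ACL catches (and which legitimate ones it catches along with the worms), here is a small Python model of IOS extended-ACL evaluation: first matching entry wins, with the implicit deny at the end. This is an added example, not part of the original message or any Cisco code; the port-name table and the choice to model only the destination port are my own assumptions.

```python
# Illustrative model of Cisco IOS extended-ACL matching (not IOS code).
# Only protocol and destination port are modelled; src/dst are "any" in the ACL.
from dataclasses import dataclass
from typing import Optional

# IOS port-name keywords used by the posted ACL (assumed mapping, NetBIOS ports)
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

# The ACL body exactly as posted, embedded here as sample input
WORMS_ACL = """
 deny   tcp any any eq 5554
 deny   tcp any any range 135 139
 deny   udp any any range 135 netbios-ss
 deny   tcp any any eq 445
 deny   udp any any eq 1026
 permit ip any any
"""

@dataclass
class Entry:
    action: str
    proto: str
    lo: Optional[int]   # None means "any destination port"
    hi: Optional[int]

def _port(tok: str) -> int:
    return PORT_NAMES.get(tok) or int(tok)

def parse_acl(text: str) -> list[Entry]:
    entries = []
    for line in text.strip().splitlines():
        t = line.split()          # action proto src dst [eq|range ports...]
        lo = hi = None
        if len(t) > 4 and t[4] == "eq":
            lo = hi = _port(t[5])
        elif len(t) > 4 and t[4] == "range":
            lo, hi = _port(t[5]), _port(t[6])
        entries.append(Entry(t[0], t[1], lo, hi))
    return entries

def evaluate(acl: list[Entry], proto: str, dport: int) -> str:
    """Return 'permit' or 'deny' for a flow; unmatched flows hit the implicit deny."""
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if e.lo is not None and not (e.lo <= dport <= e.hi):
            continue
        return e.action
    return "deny"

def worm_port_verdicts() -> dict:
    acl = parse_acl(WORMS_ACL)
    flows = {"tcp/445": ("tcp", 445), "udp/137": ("udp", 137), "tcp/5554": ("tcp", 5554),
             "udp/1026": ("udp", 1026), "tcp/139": ("tcp", 139), "tcp/80": ("tcp", 80)}
    return {name: evaluate(acl, *f) for name, f in flows.items()}
```

Note that tcp/139 and tcp/445 are denied regardless of who is talking, so legitimate customer SMB or RPC traffic crossing the SP core is dropped along with the worm probes.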