nanog mailing list archives
Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability)
From: Niels Bakker <niels=nanog () bakker net>
Date: Fri, 18 Jul 2003 22:31:34 +0200
Hi Charles,

* spork () inch com (Charles Sprickman) [Fri 18 Jul 2003, 22:21 CEST]:
If I recall correctly, Rob's Secure IOS Template touches on filtering known services (the BGP listener, snmp), but what are people's feelings on maintaining filters on all interfaces *after* loading a fixed IOS?
You'll have to weigh the benefits to the downsides.

Benefits to filtering IP packets with those four protocols:
- You're protecting your network, and possibly others, from failure
- You can see pretty quickly when someone's trying to attack you or other networks

Downsides:
- You're hampering the use of several technologies
- Possible impact on the load / forwarding capacity of your router (dependent on its architecture)

Personally I'd try to filter packets destined for known router interfaces and let the rest pass through. And of course not run known-buggy software (famous last words...).

-- Niels.

--
<anselm> rather than calling it bluetooth the protocol should be called 'erikson wireless cellphone earpiece protocol' since that seems to be its only real use.