nanog mailing list archives
Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Sat, 19 Jul 2003 02:56:03 +0000 (GMT)
On Sat, 19 Jul 2003, Niels Bakker wrote:
* chris () UU NET (Christopher L. Morrow) [Sat 19 Jul 2003, 01:03 CEST]:hrm, what nodes don't run 55/53/77/103? What do? Do you have a list? Could we have it?I'm sure you know what devices in your network run Mobile IP or Sun ND (to paraphrase Randy Bush, you can probably count them on the fingers of your nose).
my nose has many fingers... wait, thats hairs! :) though I do agree... So, I must apologize for reading your message's intent in reverse.
Router#conf t Router(config)#ip receive-acl 10 no-idiocySeriously though... the edge networks (as Jared pointed out) should be able to decide what they want to filter and what they don't... perhaps some large ISP would decide you don't want any traffic from 212/8 or perhaps all porn? Or all religious material? You don't want someone deciding what you do and don't get... unless that someone is you :)That's why I said that transit networks could filter only towards their own infrastructure.
Agreed, and it does, to some extent... As should anyone elses, eh? It makes sense that if you have either of the 2 main vendor's products you can accomplish this task easily and at 'no cost'
yes... inside my network I know what my loopbacks and links are, inside yours?? No idea... or Jared's or Tim Battles or...Luckily it's not your responsibility to protect them (only to intervene when advised they're under attack, which I've heard you're doing a very good job at - but that aside).
We thank you, its a group effort... but as I said above, my apologies, this current event has me a bit punchy :)
Current thread:
- Re: Patching for Cisco vulnerability, (continued)
- Re: Patching for Cisco vulnerability Stephen J. Wilcox (Jul 18)
- Re: Patching for Cisco vulnerability Jason Frisvold (Jul 18)
- Re: Patching for Cisco vulnerability Stephen J. Wilcox (Jul 18)
- Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Charles Sprickman (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Petri Helenius (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Niels Bakker (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Curtis Maurand (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Jared Mauch (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Niels Bakker (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Christopher L. Morrow (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Niels Bakker (Jul 18)
- Re: Infrastructure Filtering (was Re: Patching for Cisco vulnerability) Christopher L. Morrow (Jul 18)