[c-nsp] Simple ACL not working 7600
Roland Dobbins
rdobbins at arbor.net
Mon Aug 4 21:08:48 EDT 2014
On Aug 5, 2014, at 7:17 AM, Frank Bulk <frnkblk at iname.com> wrote:
> I applied an ACL on our CMTS last week and that was very effective in resolving that gap
You do understand that this is going to randomly break stuff for your subscribers, yes?
The best way to resolve this issue is to remediate the abusable CPE and/or work with customers to get it remediated, if it isn't CPE you own/operate.
If you have to do this temporarily whilst remediation is taking place, herding the abusable CPE together in terms of CIDR blocks and then doing this only for the CIDR blocks in question will minimize the scope of any collateral issues.
But blocking high ports towards your subscribers as a permanent blanket policy causes problems and isn't the way to permanently resolve issues of this nature.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön