[c-nsp] Simple ACL not working 7600

Frank Bulk (iname.com) frnkblk at iname.com
Tue Aug 5 00:01:22 EDT 2014


We do have a good AUP that allows us to interact with customers on things
like this.  We don't have a captive portal, and even if we did, I wouldn't
block over 10% of our customers!  That would be a career-changing move.  And
even more so if there's no reasonable mitigation other than buying a new
SOHO router.

Blocking port 1900 is clearly the cleaner mitigation approach.

Frank

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Roland Dobbins
Sent: Monday, August 04, 2014 9:09 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Simple ACL not working 7600


On Aug 5, 2014, at 9:01 AM, Frank Bulk <frnkblk at iname.com> wrote:

> Unfortunately I'm not in the position to dictate which routers my
> residential subscribers use on their broadband connection,

Is there anything in your AUP about customers running abusable services?  If
not, it might be time to consider revising it.

The AUP is the single most effective security tool a network operator has,
if it's both complete and enforced (the second most effective security tool
a network operator has is the RFP).

> and the quantity of subs (over 1000) makes forcing them to remediate nigh
> impossible.

Do you have some sort of capture/quarantine system to force a subscriber
browsing the Web into a portal which can be used to display a page telling
them that they've an issue they must remediate?  If not, it might be a good
idea to look at implementing one.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

