Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: ACLs / Filter Lists - Best Practices

  • From: Christopher L. Morrow
  • Date: Wed Nov 28 00:15:49 2001


On Tue, 27 Nov 2001, John McBrayne wrote:

jm>
jm> Is anyone aware of any current "best practices" related to the
jm> recommended set of filtering rules (Cisco ACL lists or Juniper filter
jm> sets) for reasons of Security, statistics collection, DoS attack
jm> analysis/prevention, etc.?  I'm curious to see if there are any such

John, the three areas you mention above really should be treated
differently; is there something you are particularly interested in among
these?

On a 'generic' note there are some recommendations offered by Cisco at
their website; I can't (of course) endorse them over anyone else. Barry
Greene (who posts at times here and should respond to this note with the
proper links from Cisco) is one of the better voices at Cisco for the
Security (at least) topic.

Additionally, there were some 'recommended' or 'best practices' covered at
the last NANOG: http://www.nanog.org/mtg-0110/greene.html

That should at least get you started on 'Security' and 'DoS' stuff... as to
statistics, could you clarify this some?

jm> recommendations for Tier 1/Tier 2 backbone routers, peering points,
jm> etc., as opposed to CPE terminations or Enterprise/LAN equipment
jm> recommendations.
jm>

Hmm, I'm not going to recommend anything, since your network is likely
MUCH different from any one I'm working on... BUT perhaps we can discuss
some likely scenarios?? (perhaps the other list members might have some
statistics gathering ideas/examples??)

jm> Actual config file examples would be great, if they exist.





