On Aug 5, 2014, at 7:17 AM, Frank Bulk <[email protected]> wrote:

> I applied an ACL on our CMTS last week and that was very effective in
> resolving that gap

You do understand that this is going to randomly break stuff for your subscribers, yes?

The best way to resolve this issue is to remediate the abusable CPE and/or work with customers to get it remediated, if it isn't CPE you own/operate.

If you have to do this temporarily whilst remediation is taking place, herding the abusable CPE together in terms of CIDR blocks and then doing this only for the CIDR blocks in question will minimize the scope of any collateral issues.

But blocking high ports towards your subscribers as a permanent blanket policy causes problems and isn't the way to permanently resolve issues of this nature.

----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

Equo ne credite, Teucri.

-- Laocoön

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
