Automatic filtering - CISCO, you should think about this...

Phil_Howard1 · December 29, 1997, 2:24pm

Alex P. Rudnev writes...

> How about having "no-auto-inbound-filter" instead, making the default in
all
> new versions of IOS be to run this essential level of protection, providing
> a means to turn it off only for those who know they need to turn it off.
It was proposed to CISCO about 1 year ago. But I have head they are doing
something about this (through it's in private talks only).

Once the appropriate management decides that a feature like this is a top
priority, Cisco surely has the resources to get it implemented into IOS
code, and tested, in perhaps 3 months and no less than 6 months. They
clearly have other priorities. We need to push this one ahead, to the top.
I'd even settle for having the function w/o a way to turn it off as an
interim if the holdup is deciding how to make it configurable.

We should all ask our Cisco sales people if "default auto-inbound-filter"
will be in all shipped IOS versions by, say, 2Q98. If they can't say "yes"
then grill 'em and leave the impression you'll be looking at other products
in 2Q98.

And if you have Ascend sales people calling, ask 'em the same thing. Same
for anyone else. For example I have a 3com salesman constantly checking up
on how happy I am with my Ascend MAX's. I know what I'll be asking him on
his next phone call.

Peter_Evans · December 29, 1997, 4:09pm

(hope this is being sent to the right nanog address)

[about auto-inbound filter]

  IMHO, the best place for this sort of filter is on dialup servers,
  to stop the 31337 kode weenies with their little lunix boxen hosing
  around.

  This would be things like cisco's 5200 access servers,
  ascend's max and big ugly boxen (GRF?),
  livingston portmonsters and USR^H^H^H3COM total(ly out of)control.

We should all ask our Cisco sales people if "default auto-inbound-filter"
will be in all shipped IOS versions by, say, 2Q98. If they can't say "yes"
then grill 'em and leave the impression you'll be looking at other products
in 2Q98.

my cisco sales person would need re-education first.

And if you have Ascend sales people calling, ask 'em the same thing. Same
for anyone else. For example I have a 3com salesman constantly checking up
on how happy I am with my Ascend MAX's. I know what I'll be asking him on
his next phone call.

I asked USR for this feature back when we were just starting BETA
testing of TC chassis. (March) Nothing since then.

I believe I worded it like this:

I'd like an automatic filter on my dialups that will drop anything
that isn't sourced from an address that you have given it.

Peter