----- Original Message ----- > From: "Brandon Galbraith" <brandon.galbra...@gmail.com>
> On Wed, Feb 26, 2014 at 6:56 AM, Keegan Holley <no.s...@comcast.net> > wrote: > > More politely stated, it’s not the responsibility of the operator to > > decide what belongs on the network and what doesn’t. Users can run any > > services that’s not illegal or even reuse ports for other > > applications. > Blocking chargen at the edge doesn't seem to be outside of the realm > of possibilities. All of these conversations are variants of "how easy is it to set up a default ACL for loops, and then manage exceptions to it?". Assuming your gear permits it, I don't personally see all that much Bad Actorliness in setting a relatively tight bidirectional ACL for Random Edge Customers, and opening up -- either specific ports, or just "to a less-/un-filtered ACL" on specific request. The question is -- as it is with BCP38 -- *can the edge gear handle it*? And if not: why not? (Protip: because buyers of that gear aren't agitating for it) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274