[c-nsp] ISP - unwanted traffic

Saxon Jones saxon.jones at gmail.com
Wed Jun 2 14:22:03 EDT 2010


I've not tried this, but at a conceptual level I think stateful
firewall rules would achieve what you're trying to do. I'm unconvinced
you'll enjoy the result, since you're going to have to rely on your
session tables and if that isn't perfect then you're going to have
unexpected behaviour (and also it won't be perfect for session-less
traffic like most UDP). I think that's a risk in what you're trying to
achieve, and not specific to how you achieve it; whether it's worth it
or not is up to you. I'd be rather unimpressed if I found out my ISP
was doing this to my traffic (not because I want asymmetric routing at
home but because of the risks it entails).

-saxon

On 2 June 2010 12:04, jack daniels <jckdaniels12 at gmail.com> wrote:
> Hi Guys,
> I'm facing an issue and stuck on a thought process, would appreciate if some
> way you guys can show with your experience in industry -
>
> ISSUE ----
>
> user X spoofs IP ADDRESS OF ISP-A and sends traffic out to internet...
> now when traffic is coming back via ISP-A... I want to block such traffic
> which is not originating from my ISP...
> but catch here is ---- filtering is to be done in ISP ...so putting ACLs for
> each user and port is not scalable.....
> Please help with any way out ...
> Thanks and Regards
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
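
Added example, not part of the original thread: a toy model of the session-table approach the reply describes, showing where it fails. The class, timeout values and addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration, not any vendor's implementation.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "proto src sport dst dport")

def reply(f):
    """The 5-tuple of the packet answering flow f."""
    return Flow(f.proto, f.dst, f.dport, f.src, f.sport)

class StatefulEdge:
    # Idle timeouts in seconds: constructed values, real devices differ.
    IDLE = {"tcp": 3600, "udp": 30}

    def __init__(self):
        self.sessions = {}  # outbound Flow -> last-seen timestamp

    def outbound(self, flow, now):
        # A customer-to-internet packet crossing this edge creates or refreshes state.
        self.sessions[flow] = now

    def inbound(self, flow, now):
        # An internet-to-customer packet passes only if it answers a live session.
        key = reply(flow)
        seen = self.sessions.get(key)
        if seen is None:
            return "drop:no-session"
        if now - seen > self.IDLE[flow.proto]:
            del self.sessions[key]
            return "drop:expired"
        self.sessions[key] = now
        return "pass"

def demo():
    edge = StatefulEdge()
    web = Flow("tcp", "192.0.2.10", 40000, "198.51.100.5", 443)
    dns = Flow("udp", "192.0.2.10", 5353, "198.51.100.53", 53)
    elsewhere = Flow("tcp", "192.0.2.20", 40001, "198.51.100.5", 443)
    edge.outbound(web, now=0)
    edge.outbound(dns, now=0)
    # 'elsewhere' left via another provider, so this edge never saw it.
    return {
        "symmetric_tcp": edge.inbound(reply(web), now=1),
        "egressed_elsewhere": edge.inbound(reply(elsewhere), now=1),
        "late_udp_reply": edge.inbound(reply(dns), now=45),
    }

if __name__ == "__main__":
    print(demo())
```

The `egressed_elsewhere` drop is the same outcome for a spoofed source and for a legitimately multihomed customer with asymmetric routing, since the edge cannot tell them apart; the `late_udp_reply` drop shows the timer-based guess that session-less traffic forces.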


