[c-nsp] ISP - unwanted traffic

Christopher Gatlin gatlin007 at gmail.com
Wed Jun 2 15:46:19 EDT 2010


Depending on your topology, Cisco Unicast Reverse Path Forwarding may be a
good fit.  Its usefulness is highly dependent on an ISP's topology in
regard to equal cost paths and transit traffic.


http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_unicast_rpf.html#wp1001292


Chris
http://travelingtech.net


On Wed, Jun 2, 2010 at 1:22 PM, Saxon Jones <saxon.jones at gmail.com> wrote:

> I've not tried this, but at a conceptual level I think stateful
> firewall rules would achieve what you're trying to do. I'm unconvinced
> you'll enjoy the result, since you're going to have to rely on your
> session tables and if that isn't perfect then you're going to have
> unexpected behaviour (and also it won't be perfect for session-less
> traffic like most UDP). I think that's a risk in what you're trying to
> achieve, and not specific to how you achieve it; whether it's worth it
> or not is up to you. I'd be rather unimpressed if I found out my ISP
> was doing this to my traffic (not because I want asymmetric routing at
> home but because of the risks it entails).
>
> -saxon
>
> On 2 June 2010 12:04, jack daniels <jckdaniels12 at gmail.com> wrote:
> > Hi Guys,
> > I'm facing an issue and stuck on a thought process, would appreciate if
> > some way you guys can show with your experience in industry -
> >
> > ISSUE ----
> >
> > user X spoofs IP ADDRESS OF ISP-A and sends traffic out to internet...
> > now when traffic is coming back via ISP-A... I want to block such
> > traffic which is not originating from my ISP...
> > but catch here is ---- filtering is to be done in ISP ...so putting acl
> > for each user and port is not scalable.....
> > Please help with any way out ...
> > Thanks and Regards
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >

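Added example (not part of the original thread, and not Cisco's code): a simplified model of the uRPF source check, showing why strict mode depends on equal cost paths and transit symmetry as noted in the reply above. The FIB contents, interface names and addresses are constructed, and the model assumes no default route is present.

```python
import ipaddress

# Constructed FIB: prefix -> set of equal-cost interfaces toward that prefix.
# Interface names are hypothetical.
FIB = {
    "198.51.100.0/24": {"cust1"},            # single-homed customer
    "203.0.113.0/24": {"cust2a", "cust2b"},  # customer behind two equal-cost links
    "192.0.2.0/24": {"transit1"},            # remote network, best path via transit1
}

def lookup(src, fib=FIB):
    """Longest-prefix match on the source; returns the best route's interfaces."""
    addr = ipaddress.ip_address(src)
    best_net, best_ifaces = None, set()
    for prefix, ifaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_ifaces = net, ifaces
    return best_ifaces

def urpf(src, in_iface, mode="strict", fib=FIB):
    """Return True if the packet passes the reverse-path check.

    strict: the arrival interface must be one of the best paths back to src.
    loose:  any route back to src is enough, whatever the arrival interface.
    """
    ifaces = lookup(src, fib)
    if mode == "loose":
        return bool(ifaces)
    return in_iface in ifaces

# Constructed packets: (source address, arrival interface, description)
PACKETS = [
    ("198.51.100.10", "cust1", "customer using its own address"),
    ("192.0.2.55", "cust1", "customer spoofing a remote address"),
    ("203.0.113.7", "cust2b", "arrives on second equal-cost link"),
    ("192.0.2.55", "transit2", "genuine traffic on an asymmetric transit path"),
    ("10.1.1.1", "cust1", "source with no route at all"),
]

def evaluate(mode):
    """Verdict for every constructed packet under the given mode."""
    return [(src, iface, "permit" if urpf(src, iface, mode) else "drop")
            for src, iface, _ in PACKETS]

if __name__ == "__main__":
    for (src, iface, why), s, l in zip(PACKETS, evaluate("strict"), evaluate("loose")):
        print(f"{src:15} in {iface:8} strict={s[2]:6} loose={l[2]:6} {why}")
```

Strict mode drops the spoofed packet on cust1 but also drops genuine traffic arriving on transit2, while loose mode permits both and only rejects the unrouted source.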
