RE: Block traffic not orignating from ISP autonomous system

Put unicast reverse path filtering on your inside interfaces to stop user A
from originating traffic internally from an external address.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of jack
daniels
Sent: Wednesday, June 02, 2010 7:18 AM
To: Cisco certification
Subject: Block traffic not orignating from ISP autonomous system

Hi Guys,

I'm facing a issue and stuck on a thought process , would appreciate if some

way you guys can show with your experience in industry -

ISSUE ----

user X spoofs IP ADDRESS OF ISP-A and sends traffic out to internet...
now when traffic is comming back via ISP-A... I want to block such traffic
which is not orignating from my ISP...
but catch here is ---- filtering is to be done in ISP ...so putiing acl for
each users and ports is not scallable.....
Please help with any way out ...

Thanks and Regards

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 02 2010 - 09:55:27 ART