Re: Block traffic not orignating from ISP autonomous system

Actually is there any wayout if I want to keep control in ISP-A hand ....not
to rely on other guy

On Wed, Jun 2, 2010 at 11:50 PM, Bernard Steven <buny.steven_at_gmail.com>wrote:

> stateful filtering.
> For an ISP , impractical.
>
> Try escalating to upstream provider for uRPF the source
>
>
> On Wed, Jun 2, 2010 at 10:21 PM, jack daniels <jckdaniels12_at_gmail.com>wrote:
>
>> traffic is coming back from ISP-A , but orignating from another ISP......
>> traffic needs to be filtered on ISP-A, if not orignating in ISP-A....
>>
>> how URPF can help in this case.
>>
>> On Wed, Jun 2, 2010 at 7:25 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:
>>
>> > Put unicast reverse path filtering on your inside interfaces to stop
>> user A
>> > from originating traffic internally from an external address.
>> >
>> > Regards,
>> >
>> > Tyson Scott - CCIE #13513 R&S, Security, and SP
>> > Managing Partner / Sr. Instructor - IPexpert, Inc.
>> > Mailto: tscott_at_ipexpert.com
>> > Telephone: +1.810.326.1444, ext. 208
>> > Live Assistance, Please visit: www.ipexpert.com/chat
>> > eFax: +1.810.454.0130
>> >
>> > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
>> > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
>> > CCIE (R&S, Voice, Security & Service Provider) certification(s) with
>> > training locations throughout the United States, Europe, South Asia and
>> > Australia. Be sure to visit our online communities at
>> > www.ipexpert.com/communities and our public website at www.ipexpert.com
>> >
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > jack
>> > daniels
>> > Sent: Wednesday, June 02, 2010 7:18 AM
>> > To: Cisco certification
>> > Subject: Block traffic not orignating from ISP autonomous system
>> >
>> > Hi Guys,
>> >
>> > I'm facing a issue and stuck on a thought process , would appreciate if
>> > some
>> >
>> > way you guys can show with your experience in industry -
>> >
>> >
>> >
>> > ISSUE ----
>> >
>> >
>> > user X spoofs IP ADDRESS OF ISP-A and sends traffic out to internet...
>> > now when traffic is comming back via ISP-A... I want to block such
>> traffic
>> > which is not orignating from my ISP...
>> > but catch here is ---- filtering is to be done in ISP ...so putiing acl
>> for
>> > each users and ports is not scallable.....
>> > Please help with any way out ...
>> >
>> > Thanks and Regards
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > No virus found in this incoming message.
>> > Checked by AVG - www.avg.com
>> > Version: 9.0.819 / Virus Database: 271.1.1/2913 - Release Date: 06/02/10
>> > 05:57:00
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 02 2010 - 23:58:02 ART