Actually, this can be achieved easily using reflexive ACLs on any Cisco
router, so no real need to change the topology or add new devices in the
path:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#reflexacl
Arie
On Sat, Nov 28, 2009 at 10:26 PM,
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
you are implying that they are not allowed to multi-home using the ip
On Fri, Nov 27, 2009 at 10:43 PM, ML m...@kenweb.org wrote:
I'm reasonable certain a customer of ours who is using one of our netblocks
is using a different reverse path to reach us. How might I figure out who
is allowing them to source traffic from IPs that belong to us?
Hi,
Are they
On Sat, Nov 28, 2009 at 09:41:09AM -0600, Joe Greco wrote:
[attributions lost]
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
On 11/27/09 8:43 PM, ML wrote:
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
I've had two customers pull this stunt in the
On Sat, Nov 28, 2009 at 09:41:09AM -0600, Joe Greco wrote:
[attributions lost]
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that
Brielle Bruns wrote:
On 11/27/09 8:43 PM, ML wrote:
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
I've had two customers
On Sat, Nov 28, 2009 at 1:41 PM, Brielle Bruns br...@2mbit.com wrote:
My partner Tammy says a PIX could probably accomplish the same task (we have
some here for the corp lan stuff, including spares).
Yes, a PIX/ASA would stop this cold. The TCP state tracking would not
allow traffic to pass
: Duane Waddle
To: nanog@nanog.org
Subject: Re: Finding asymmetric path
Sent: Nov 28, 2009 1:26 PM
On Sat, Nov 28, 2009 at 1:41 PM, Brielle Bruns br...@2mbit.com wrote:
My partner Tammy says a PIX could probably accomplish the same task (we have
some here for the corp lan stuff, including spares
On Sat, Nov 28, 2009 at 2:14 PM, ML m...@kenweb.org wrote:
Brielle is correct. The customer in question is spamming networks and we
are having trouble filtering them because another provider allows them to
source traffic however they please.
What trouble? SMTP requires two-way traffic with a
Brielle is correct. The customer in question is spamming networks and
we are having trouble filtering them because another provider allows
them to source traffic however they please.
then perhaps the issue is a bit larger than their traffic incoming to
you. disconnect the schmucks.
randy
Yes - term the account would be my recommendation
And if you filter port 25 traffic do it both ways
Read these old nanog threads ..
http://www.irbs.net/internet/nanog/0408/0465.html and
http://www.mail-archive.com/na...@merit.edu/msg28863.html
On Sun, Nov 29, 2009 at 3:58 AM, William Herrin
Brielle is correct. The customer in question is spamming networks and we
are having trouble filtering them because another provider allows them to
source traffic however they please.
If they are spamming just pull the plug, whatever revenue you get from them
is not worth your reputation and
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
you are implying that they are not allowed to multi-home using the ip
space
Randy Bush wrote:
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
you are implying that they are not allowed to multi-home
-Original Message-
From: ML [mailto:m...@kenweb.org]
Sent: Friday, November 27, 2009 10:44 PM
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic
I'm reasonable certain a customer of ours who is using one of our
netblocks is using a different reverse path to reach us. How might I
figure out who is allowing them to source traffic from IPs that belong
to us?
you are implying that they are not allowed to multi-home using the ip
space
On Fri, Nov 27, 2009 at 11:23 PM, Randy Bush ra...@psg.com wrote:
perhaps it is fear of what they, possibly mistakenly, perceive to be
your policy regarding announcement of space that keeps them from
announcing normally to both, or more, links?
or maybe just better pricing on the other
19 matches
Mail list logo