[67994] in North American Network Operators' Group

Re: Best Common Practice - Listening to local routes from peers?

daemon@ATHENA.MIT.EDU (Patrick W.Gilmore)
Thu Feb 26 23:29:18 2004

In-Reply-To: <6B628149FCE1B543A3AB351A29DC7D8E04A67D@basilisk.noanet.lan>
Cc: Patrick W.Gilmore <patrick@ianai.net>
From: Patrick W.Gilmore <patrick@ianai.net>
Date: Thu, 26 Feb 2004 23:28:18 -0500
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


On Feb 26, 2004, at 11:22 PM, Michael Smith wrote:

> We have a customer of a customer who is attempting to send traffic from
> IP space we control, through the Internet and back into us via one of
> our transit connections.
>
> I have filters in place that block all inbound traffic from the blocks I
> announce coming in over my transit and peering connections.  This is
> breaking the downstream customer's ability to route from them, through
> UUNet, and back to me.
>
> I'm curious what the Best Common Practice is for this type of scenario.
> I have always used this type of filtering as a way to bury
> source-spoofed traffic in a DDOS situation but I'm not sure if it's
> appropriate, generally speaking.

It is a good idea to filter source IP on the edge.  Since your customer 
has more than one upstream, filtering their IP space at your border is 
not "the edge".

Filter their source IP where your network meets their network.  Filter 
your source IP at your upstream borders.

My $0.0000003411284. :)

-- 
TTFN,
patrick
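
An added illustration, not part of the original message, of the filter placement described in the reply: customer ports accept only that customer's source space, and upstream ports drop sources from the provider's own blocks. The prefixes and port names are constructed, and exempting the multihomed customer's space at the upstream border is an assumption drawn from the point that the border is not that customer's edge.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample data (documentation prefixes, hypothetical port names).
OUR_BLOCKS = [net("198.51.100.0/24"), net("203.0.113.0/24")]

# Source space allowed on each customer-facing port (the real edge).
CUSTOMER_PORTS = {
    "cust-a": [net("203.0.113.128/25")],   # multihomed downstream
    "cust-b": [net("198.51.100.0/26")],    # single-homed
}

# Space that may legitimately arrive via another provider (assumption).
MULTIHOMED_SPACE = [net("203.0.113.128/25")]

UPSTREAM_PORTS = {"transit-1", "peer-1"}


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in networks)


def permit_ingress(port, src):
    """Decide whether a packet with source `src` arriving on `port` is forwarded."""
    addr = ipaddress.ip_address(src)
    if port in CUSTOMER_PORTS:
        # Customer edge: only the customer's assigned space is a valid source.
        return in_any(addr, CUSTOMER_PORTS[port])
    if port in UPSTREAM_PORTS:
        # Upstream border: our own space should never arrive from outside,
        # except space a multihomed customer can also send through others.
        if in_any(addr, MULTIHOMED_SPACE):
            return True
        return not in_any(addr, OUR_BLOCKS)
    raise ValueError(f"unknown port: {port}")


if __name__ == "__main__":
    for port, src in [("cust-a", "203.0.113.130"), ("cust-a", "198.51.100.5"),
                      ("transit-1", "198.51.100.5"), ("transit-1", "203.0.113.130")]:
        print(port, src, "permit" if permit_ingress(port, src) else "drop")
```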
