[AusNOG] Filtering services and odd things
Simon Paterson
simon.paterson.nz at gmail.com
Wed Feb 17 08:19:42 EST 2016
On 16/02/16 12:38, Tristram Cheer wrote:
>
> Hi All,
>
> I came across a client on our network that is using a filtering
> service where the client installs a device that sends all of their
> upload traffic over an IPSec tunnel to a 3^rd party network for
> inspection before that network then sends the request on with the
> “spoofed” IP of the client’s public IP so that the download stream
> returns directly to the client.
>
At $priorjob, we 'resold' the service that Pete mentioned.
>
> Has anyone else come across this type of service before? Have you run
> into problems with what is in effect one way traffic from a
> SME/Residential connection? It seems to me that BCP38 would knock this
> service out
>
We did encounter one BCP38 type issue. Port 80 traffic from clients,
destined to our own on-net web servers (customer portal, etc), passed
through the filtering ISP, then re-entered our network via local
peering. As we did do BCP38 style filtering, this traffic was dropped as
being our IPs spoofed externally. I therefore had to create specific
filter exceptions on all the likely ingress points for this type of traffic.
Cheers,
Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160217/b9e2dd3b/attachment-0001.html>
More information about the AusNOG
mailing list