A Cheap, Practical and Effective IP Spoofing Defense Via Self-Learning Packet Filtering

Jelena Mirkovic
University of Delaware

Monday, February 12, 11:00AM
Babbio Center, Room 202
Stevens Institute of Technology

Abstract

IP spoofing exacerbates many security threats. While many contemporary attacks do not exploit spoofing, a large number still do, so eliminating or even reducing spoofing would greatly improve Internet security. Seven spoofing defenses have been proposed to date. Our evaluation shows that only two of them, hop-count filtering (HCF) and route-based filtering (RBF), offer significant spoofing reduction in sparse but strategic deployment. If deployed at 50 chosen autonomous systems, these defenses reduce the amount of spoofed and reflected traffic in the Internet by 95-97%, while the other defenses require a deployment two orders of magnitude larger for the same effectiveness.

Unfortunately, HCF and RBF have no built-in mechanism to learn the information they need for filtering under asymmetric routing, multipath routing and route changes, all of which are common in today's Internet. We present the design and evaluation of the Clouseau system, which autonomously harvests the needed information from transit traffic and updates it promptly upon a route change. The information is inferred by filters that apply randomized drops to TCP data traffic arriving from suspicious or previously unknown sources and then observe the subsequent retransmissions. No communication with packet sources or other filters is required, which makes Clouseau suitable for partial deployment. We show through NS-2 simulations and experiments with a Clouseau prototype that the operating cost is reasonable and that legitimate TCP connections do not experience large delays because of the randomized drops. The inference process is resilient to subversion by an attacker who is familiar with Clouseau.
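The drop-and-watch-for-retransmission idea in the abstract, as an added toy illustration written for this page (not Clouseau's code or the paper's actual inference rules). It assumes the usual hop-count-filtering heuristic of estimating hops as the distance from the nearest common initial TTL (64, 128, 255), a per-source table of expected hop counts, and constructed TCP data segments carrying only source, TTL and sequence number. The class and field names are invented for the example.

```python
import random
from dataclasses import dataclass

# Common initial TTLs used by the hop-count heuristic (assumption, as in HCF):
# hops traversed = nearest initial TTL at or above the observed TTL, minus TTL.
INITIAL_TTLS = (64, 128, 255)


def hop_count(ttl: int) -> int:
    """Estimate hops traversed from the observed IP TTL."""
    if not 0 <= ttl <= 255:
        raise ValueError("TTL out of range")
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise AssertionError("unreachable: 255 is the largest initial TTL")


@dataclass(frozen=True)
class Segment:
    """Constructed TCP data segment: only the fields the filter looks at."""
    src: str
    ttl: int
    seq: int  # a retransmission repeats the sequence number


class SelfLearningFilter:
    """Toy filter in the spirit of Clouseau (hypothetical, not the paper's algorithm).

    Unknown sources are probed by dropping a data segment at random; a host that
    really sent it will notice the missing ACK and retransmit, and the hop count
    seen on that retransmission becomes the source's expected hop count. Known
    sources whose hop count disagrees with the table are dropped, but the drop
    is remembered so a genuine route change, confirmed by a matching
    retransmission, updates the table instead of blackholing the source.
    """

    def __init__(self, drop_prob: float = 0.5, seed: int = 0):
        self.expected = {}   # src -> learned hop count
        self.pending = {}    # (src, seq) -> hop count seen on the dropped segment
        self.drop_prob = drop_prob
        self.rng = random.Random(seed)

    def process(self, seg: Segment) -> str:
        hc = hop_count(seg.ttl)
        key = (seg.src, seg.seq)

        # Retransmission of a segment we dropped. Require the hop count to match
        # the original so a replay with a different TTL does not poison the table.
        if key in self.pending:
            if self.pending.pop(key) == hc:
                self.expected[seg.src] = hc
                return "forward:learned"
            return "drop:inconsistent"

        if seg.src not in self.expected:
            # Unknown source: probe with a randomized drop, otherwise forward
            # without learning anything yet.
            if self.rng.random() < self.drop_prob:
                self.pending[key] = hc
                return "drop:probe"
            return "forward:unverified"

        if self.expected[seg.src] == hc:
            return "forward"

        # Hop count disagrees with the table: drop as a suspected spoof, but keep
        # the observation so a retransmission can prove a route change.
        self.pending[key] = hc
        return "drop:mismatch"
```

The toy makes the filtering decision purely local, which is the property the abstract stresses for partial deployment: nothing is exchanged with the packet's source or with other filters. Note that this simplified version can be gamed by an attacker who blindly sends the same spoofed (source, sequence) pair twice with the same TTL; the abstract states that Clouseau's inference resists subversion by an attacker familiar with it, but the countermeasure is not described here and is not reproduced above.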