nanog mailing list archives
RE: DDOS anecdotes
From: woods () weird com (Greg A. Woods)
Date: Sat, 23 Jun 2001 16:13:51 -0400 (EDT)
[ On Saturday, June 23, 2001 at 15:13:34 (-0400), Daniel Senie wrote: ]
Subject: RE: DDOS anecdotes .... Has anyone at any of the cable modem vendors made any attempts to try ingress filtering in the cable system head-end routers?
If I'm not mistaken Rogers@Home is blocking spoofed source addresses on at least part of their network here in Toronto. At least the last time my home network's routing and NAT configuration broke down I noted that asymmetrical routing over my cable modem didn't work any more (where it used to work in the past). My particular cable modem is a Terayon TeraJet. I believe Rogers have implemented their filtering in the head-end gear, but maybe not directly in the Terayon gateway box (and definitely not in the Teralinks). The gateway box can do some filtering IIRC, but is't not really much of a powerhouse for such "add-on" functionality. I'd guess that they've actually implemented the filters in whatever routers they use to join their network segments. One of the smaller cable ISPs I work with hasn't yet implemented anti-spoof filtering, though it's definitely on the todo list. They've not had any known problem with DDoS that I know of though (just "owned" boxes initiating the odd scan). Of course they've still got a very small (but growing) customer base.
Did it work?
I don't know if it's helped Rogers@Home prevent/reduce DDoS from their network or not, but it certainly pointed out my configuration problem quickly! ;-) -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <woods () robohack ca> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- Re: peering requirements (Re: DDOS anecdotes), (continued)
- Re: peering requirements (Re: DDOS anecdotes) Paul A Vixie (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Randy Bush (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Paul A Vixie (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Randy Bush (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Paul A Vixie (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Randy Bush (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Paul A Vixie (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Randy Bush (Jun 26)
- Re: peering requirements (Re: DDOS anecdotes) Hank Nussbacher (Jun 27)
- Message not available
- RE: DDOS anecdotes Daniel Senie (Jun 23)
- RE: DDOS anecdotes Greg A. Woods (Jun 23)
- Re: DDOS anecdotes Michael Painter (Jun 23)
- Re: DDOS anecdotes Paul Vixie (Jun 23)
- Re: DDOS anecdotes Roland Dobbins (Jun 23)
- Re: DDOS anecdotes Jonas Luster (Jun 23)
- RE: DDOS anecdotes Jason Lewis (Jun 23)
- RE: DDOS anecdotes mike harrison (Jun 24)
- Re: DDOS anecdotes David Howe (Jun 24)
- Re: DDOS anecdotes Michael Painter (Jun 23)
- Exodus Down mike harrison (Jun 23)
- Re: Exodus Down Andy Bradford (Jun 23)