nanog mailing list archives

Re: more on IP source filtering...


From: RJ Atkinson <rja () inet org>
Date: Sat, 23 Jun 2001 22:04:36 -0400


At 21:39 23/06/01, Alexei Roudnev wrote:

Yes.

But 99% of the cable/provider customers are residential ones, 
and so are not multi-homed, so simple _SRC filtering by default_ 
implemented by the hw vendor can help.

        It doesn't prevent DDOS attacks that use legitimate
source IP addresses, such as the GRC case outlines.

        I'll note that the cisco uBR-72xx is by far the most commonly
deployed DOCSIS cable router these days.  It has an RPF check
that works just fine.  That check is enabled in deployed systems,
by at least the leading cable ISP, or so I'm told reliably.

And notice that these _cable residential users_ are most affected 
by the hackers because they are usually non-skilled and non-professionals, 
and so it's very important to prevent hackers from abusing them 
at least as a source for the DDOS attacks.

        When a cable ISP tries to filter out common attacks, folks
verbally and in print flame the cable ISP for putting in such filters.
Watched that one several times now.

Ran
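
The following is an added example, not part of the original message and not any vendor's implementation. It models a strict reverse-path (RPF) check on a hypothetical cable router to show the distinction drawn above: forged source addresses are dropped, while traffic sent from a subscriber's own legitimate address passes. The prefixes, interface names and packets are constructed for illustration.

```python
import ipaddress

# Constructed forwarding table for a hypothetical cable router:
# prefix -> interface used to reach that prefix.
FIB = {
    "198.51.100.0/25": "cable0",    # residential subscribers, segment 0
    "198.51.100.128/25": "cable1",  # residential subscribers, segment 1
    "0.0.0.0/0": "uplink0",         # default route towards the Internet
}
# Most-specific prefixes first, so the first hit is the longest match.
ROUTES = sorted(((ipaddress.ip_network(p), i) for p, i in FIB.items()),
                key=lambda r: r[0].prefixlen, reverse=True)

def lookup(addr):
    """Longest-prefix match: the interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    for net, iface in ROUTES:
        if ip in net:
            return iface
    return None

def rpf_accept(src, in_iface):
    """Strict RPF: accept only if the route back to src points out in_iface."""
    return lookup(src) == in_iface

# Constructed packets: (source address, arrival interface, description).
PACKETS = [
    ("198.51.100.10", "cable0", "subscriber using its own address"),
    ("203.0.113.7", "cable0", "subscriber forging an outside address"),
    ("198.51.100.200", "cable0", "subscriber forging a cable1 address"),
]

def classify(packets):
    """Return (source, accepted) for each packet under the strict RPF check."""
    return [(src, rpf_accept(src, iface)) for src, iface, _ in packets]

if __name__ == "__main__":
    for (src, iface, note), (_, ok) in zip(PACKETS, classify(PACKETS)):
        verdict = "forward" if ok else "drop"
        print(f"{src:15} on {iface}: {verdict}  ({note})")
```

The check looks only at the source address and arrival interface, so the first packet is forwarded regardless of whether it is ordinary traffic or part of a flood sent from a compromised subscriber machine.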

