more on IP source filtering...

RJ Atkinson rja at inet.org
Sun Jun 24 02:04:36 UTC 2001


At 21:39 23/06/01, Alexei Roudnev wrote:

>Yes.
>
>But 99% of the cable/provider customers are residential ones, 
>and so are not multi-homed, so simple _SRC filtering by default_ 
>implemented by the hw vendor can help.

        It doesn't prevent DDOS attacks that use legitimate
source IP addresses, such as the GRC case outlines.

        I'll note that the Cisco uBR-72xx is by far the most commonly
deployed DOCSIS cable router these days.  It has an RPF check
that works just fine.  That check is enabled in deployed systems,
by at least the leading cable ISP, or so I'm told reliably.

>And notice that these _cable residential users_ are most affected 
>by the hackers because they are usually non-skilled and non-professionals, 
>and so it's very important to prevent hackers from abusing them 
>at least as a source for the DDOS attacks.

        When a cable ISP tries to filter out common attacks, folks
verbally and in print flame the cable ISP for putting in such filters.
Watched that one several times now.

Ran
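
An added illustration of the point made in this message (not code from the post, the list, or any vendor): a minimal model of a strict reverse-path check run over constructed packets. The forwarding table, interface names and addresses are assumptions, using documentation prefixes.

```python
import ipaddress

# Constructed forwarding table for a hypothetical cable router:
# prefix -> interface the router would use to reach that prefix.
FIB = {
    "192.0.2.0/25": "cable0",     # subscriber segment A
    "192.0.2.128/25": "cable1",   # subscriber segment B
    "0.0.0.0/0": "uplink0",       # everything else
}

def reverse_path_interface(src, fib=FIB):
    """Longest-prefix match on the SOURCE address: the interface back toward src."""
    addr = ipaddress.ip_address(src)
    best_net, best_if = None, None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, ifname
    return best_if

def strict_rpf_accepts(in_if, src, fib=FIB):
    """Strict RPF: accept only if the route back to src points out the arrival interface."""
    return reverse_path_interface(src, fib) == in_if

# Constructed packets: (arrival interface, source address, description)
PACKETS = [
    ("cable0", "192.0.2.10", "normal traffic, subscriber's own address"),
    ("cable0", "198.51.100.7", "forged source outside the provider"),
    ("cable0", "192.0.2.200", "forged source from another segment"),
    ("cable0", "192.0.2.10", "flood traffic sent from the subscriber's real address"),
]

def classify(packets=PACKETS):
    """Return (description, 'accept' | 'drop') for each packet."""
    return [(d, "accept" if strict_rpf_accepts(i, s) else "drop") for i, s, d in packets]

if __name__ == "__main__":
    for desc, verdict in classify():
        print(f"{verdict:6}  {desc}")
```

The last packet is accepted: the check validates where a source address belongs, not what the traffic is.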



