North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: more on IP source filtering...
At 21:39 23/06/01, Alexei Roudnev wrote: >Yes. > >But 99% of the cable/provbider customers are residential ones, >and so are not multy-home, so simple _SRC filtering by default_ >implemented by the hw vendor can help. It doesn't prevent DDOS attacks that use legitimate source IP addresses, such as the GRC case outlines. I'll note that the cisco uBR-72xx is by far the most commonly deployed DOCSIS cable router these days. It has an RPF check that works just fine. That check is enabled in deployed systems, by at least the leading cable ISP, or so I'm told reliably. >And notice, thet this _cable residential users_ are most affected >to the hackers because they areusially non-skilled and non-professionals, >and so it's very important to prevent hackers from abusing them >at least as a source for the DDOS attacks. When a cable ISP tries to filter out common attacks, folks verbally and in print flame the cable ISP for putting in such filters. Watched that one several times now. Ran