North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DDOS anecdotes

  • From: Greg A. Woods
  • Date: Sat Jun 23 16:18:29 2001

[ On Saturday, June 23, 2001 at 15:13:34 (-0400), Daniel Senie wrote: ]
> Subject: RE: DDOS anecdotes
>
> .... Has anyone 
> at any of the cable modem vendors made any attempts to try ingress 
> filtering in the cable system head-end routers?

If I'm not mistaken [email protected] is blocking spoofed source addresses on
at least part of their network here in Toronto.  At least the last time
my home network's routing and NAT configuration broke down I noted that
asymmetrical routing over my cable modem didn't work any more (where it
used to work in the past).

My particular cable modem is a Terayon TeraJet.  I believe Rogers have
implemented their filtering in the head-end gear, but maybe not directly
in the Terayon gateway box (and definitely not in the Teralinks).  The
gateway box can do some filtering IIRC, but is't not really much of a
powerhouse for such "add-on" functionality.  I'd guess that they've
actually implemented the filters in whatever routers they use to join
their network segments.

One of the smaller cable ISPs I work with hasn't yet implemented
anti-spoof filtering, though it's definitely on the todo list.  They've
not had any known problem with DDoS that I know of though (just "owned"
boxes initiating the odd scan).  Of course they've still got a very
small (but growing) customer base.

> Did it work?

I don't know if it's helped [email protected] prevent/reduce DDoS from their
network or not, but it certainly pointed out my configuration problem
quickly!  ;-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>     <[email protected]>
Planix, Inc. <[email protected]>;   Secrets of the Weird <[email protected]>