Yes. But 99% of the cable/provbider customers are residential ones, and so are not multy-home, so simple _SRC filtering by default_ implemented by the hw vendor can help. And notice, thet this _cable residential users_ are most affected to the hackers because they areusially non-skilled and non-professionals, and so it's very important to prevent hackers from abusing them at least as a source for the DDOS attacks. (and for me the weakness of this customers looks like a great danger - they really are very affected to be broken and abused, and (on the other hand) they make a bridge to the more serious hacking because they have some passwords/logins on their home sites). ----- Original Message ----- From: "Christopher A. Woodfield" <rekoil@semihuman.com> To: "Alexei Roudnev" <alex@relcom.EU.net> Cc: <nanog@merit.edu>; "Sean M. Doran" <smd@clock.org> Sent: Saturday, June 23, 2001 5:56 PM Subject: Re: Few questions to the american ISPs [Re: DDOS anecdotes]
At a conference in late 1999, UUNet announced that they had anti-spoof filters in place on their dialup ports. Not that that amount to much in contrast to teh amount of spoofed DDOS traffic from cable providers, mind you...IIRC, it's the cable providers that need to put up the anti-spoofing filters the most.
-C
- any big ISP have skilled security person available. When I worked in Russia, it took 10 - 15 minutes to contact your ISP and install such filters; for EUnet, it took 20 minutes; for TELIA, it was the same. For any amertican ISP, it took a week (UUnet was an exception)... - all cable providers will have src address filters, so preventing src address frauding.
-- --------------------------- Christopher A. Woodfield rekoil@semihuman.com
PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B