[ On Saturday, June 23, 2001 at 15:13:34 (-0400), Daniel Senie wrote: ]
Subject: RE: DDOS anecdotes
.... Has anyone at any of the cable modem vendors made any attempts to try ingress filtering in the cable system head-end routers?
If I'm not mistaken Rogers@Home is blocking spoofed source addresses on at least part of their network here in Toronto. At least the last time my home network's routing and NAT configuration broke down I noted that asymmetrical routing over my cable modem didn't work any more (where it used to work in the past). My particular cable modem is a Terayon TeraJet. I believe Rogers have implemented their filtering in the head-end gear, but maybe not directly in the Terayon gateway box (and definitely not in the Teralinks). The gateway box can do some filtering IIRC, but is't not really much of a powerhouse for such "add-on" functionality. I'd guess that they've actually implemented the filters in whatever routers they use to join their network segments. One of the smaller cable ISPs I work with hasn't yet implemented anti-spoof filtering, though it's definitely on the todo list. They've not had any known problem with DDoS that I know of though (just "owned" boxes initiating the odd scan). Of course they've still got a very small (but growing) customer base.
Did it work?
I don't know if it's helped Rogers@Home prevent/reduce DDoS from their network or not, but it certainly pointed out my configuration problem quickly! ;-) -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>