[38942] in North American Network Operators' Group
Re: Few questions to the american ISPs [Re: DDOS anecdotes]
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Sat Jun 23 21:47:52 2001
Message-ID: <011d01c0fc4e$812c8100$9eb431c6@oemcomputer>
From: "Alexei Roudnev" <alex@relcom.EU.net>
To: "Christopher A. Woodfield" <rekoil@semihuman.com>
Cc: <nanog@merit.edu>, "Sean M. Doran" <smd@clock.org>
Date: Sat, 23 Jun 2001 18:39:25 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Yes.
But 99% of the cable/provbider customers are residential ones, and so are not
multy-home, so simple
_SRC filtering by default_ implemented by the hw vendor can help.
And notice, thet this _cable residential users_ are most affected to the hackers
because they areusially non-skilled and non-professionals, and so it's very
important to prevent hackers from abusing them at least as a source for the DDOS
attacks.
(and for me the weakness of this customers looks like a great danger - they really
are very affected to be broken and abused, and (on the other hand) they make a
bridge to the more serious hacking because they have some passwords/logins on
their home sites).
----- Original Message -----
From: "Christopher A. Woodfield" <rekoil@semihuman.com>
To: "Alexei Roudnev" <alex@relcom.EU.net>
Cc: <nanog@merit.edu>; "Sean M. Doran" <smd@clock.org>
Sent: Saturday, June 23, 2001 5:56 PM
Subject: Re: Few questions to the american ISPs [Re: DDOS anecdotes]
> At a conference in late 1999, UUNet announced that they had anti-spoof
> filters in place on their dialup ports. Not that that amount to much in
> contrast to teh amount of spoofed DDOS traffic from cable providers, mind
> you...IIRC, it's the cable providers that need to put up the anti-spoofing
> filters the most.
>
> -C
>
> > - any big ISP have skilled security person available. When I worked in Russia,
it
> > took 10 - 15 minutes to contact your ISP and install such filters; for EUnet,
it
> > took 20 minutes; for TELIA, it was the same. For any amertican ISP, it took a
week
> > (UUnet was an exception)...
> > - all cable providers will have src address filters, so preventing src address
> > frauding.
> >
>
> --
> ---------------------------
> Christopher A. Woodfield rekoil@semihuman.com
>
> PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
>
