Tuesday, June 18th - 6:05 P.M.


Anti-Spoofing Filters

Q: What are anti-spoofing filters?

A: Anti-spoofing filters are IP access-lists configured on PenTeleData core routers that are designed to prevent PenTeleData customers from sending IP traffic with a source address that was not explicitly assigned to that customer (spoofing). For example, if a cable modem customer's IP address is 24.229.0.1, and he sends traffic to the Internet with a source address of 10.0.0.1, he is spoofing that traffic.

Q: Why does PenTeleData implement these filters?

A: Spoofing is a common way for malicious activity to be disguised on the Internet. It is used to mask the real source of traffic or to impersonate another user by assuming the IP address of their computer. Implementing anti-spoofing filters helps us to ensure that if malicious activity is carried out on the PenTeleData network, we can always track it back to its source.

Q: How is PenTeleData implementing anti-spoofing filters?

A: First, PenTeleData is using a technology called Reverse Path Forwarding (RPF). RPF performs a test on every packet we receive from a customer to ensure that that packet is coming from an IP address that was explicitly assigned to that customer. If the packet fails the test, it is logged and discarded. Second, PenTeleData uses standard Access Control Lists to filter traffic based on its source and destination IP addresses.

Q: What implications do these filters have for me?

A: If a user only generates traffic from IP addresses that were explicitly assigned to that user by PenTeleData, then the filters will be completely transparent to that user. However, in some circumstances, a network may be operating asymmetrically. This type of network operation will require special exceptions to be made to PenTeleData's anti-spoofing filters.

Q: What is asymmetrical routing and how is it affected by anti-spoofing filters?

A: Asymmetric routing occurs when an IP packet leaves via one network connection, but its response returns via a separate connection. Normal anti-spoofing filters rely on the fact that traffic generally enters and leaves a customer's network via the same connection. In some cases, such as with dual-homed customers or customers using a satellite feed, their traffic will behave asymmetrically. In this case, the customer must contact PenTeleData to arrange for their anti-spoofing filters to be modified to allow this network behavior. Please note that exceptions to our anti-spoofing rules will only be made for dedicated, high-capacity, commercial Internet users.
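
The reverse-path test and the asymmetric-routing exception described above, as a small Python model added here for illustration; it is not PenTeleData's router configuration. It assumes the test is a strict reverse-path lookup, and the interface names, the 198.51.100.0/24 prefix and the exception list are made up (24.229.0.1 and 10.0.0.1 are the addresses from the first answer).

```python
import ipaddress

# Constructed forwarding table: (prefix, interface the router uses to reach it).
# Interface names and the 198.51.100.0/24 prefix are assumptions for this example.
FIB = [
    ("24.229.0.1/32", "cable0"),     # cable modem customer from the FAQ
    ("198.51.100.0/24", "serial1"),  # dual-homed customer, best path via serial1
    ("0.0.0.0/0", "uplink0"),        # everything else is reached via the uplink
]

def best_route(src, fib=FIB):
    """Longest-prefix match: interface used to send traffic back to src."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_check(src, in_iface, exceptions=(), fib=FIB):
    """Accept only if the route back to src points out the arrival interface.

    exceptions: (prefix, interface) pairs allowed in despite failing the
    test, modelling the arrangement made for asymmetric customers.
    """
    if best_route(src, fib) == in_iface:
        return "accept"
    addr = ipaddress.ip_address(src)
    for prefix, ifc in exceptions:
        if ifc == in_iface and addr in ipaddress.ip_network(prefix):
            return "accept (exception)"
    return "log+drop"

if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    print(rpf_check("24.229.0.1", "cable0"))      # assigned address
    print(rpf_check("10.0.0.1", "cable0"))        # spoofed source
    print(rpf_check("198.51.100.7", "serial2"))   # legitimate but asymmetric
    print(rpf_check("198.51.100.7", "serial2",
                    exceptions=[("198.51.100.0/24", "serial2")]))
```

The third packet shows why asymmetric customers need an exception: the source address is legitimately theirs, but the route back to it points out a different interface, so the test discards it until the exception is in place.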