Service providers are increasingly using ingress filtering to block access to vulnerable protocols on customers’ devices or for blocking badly-routed data packets.
In June, for example, Telstra started rolling out Resource Public Key Infrastructure (RPKI) Route Origin Authorisations (ROAs) to certify the truth of routing messages transmitted by the Border Gateway Protocol (BGP).
The telco has since completed that deployment across all IP addresses in Autonomous System Number AS1221, and work is underway on AS4637.
“This basically means we have now deployed RPKI Origin Validation into Telstra’s domestic network … dropping invalids [incorrectly routed packets] from our upstream, peer and customer networks,” a Telstra spokesperson told ZDNet.
“Deployment activities continue in our International networks,” they said.
Telstra has also been working on its Cleaner Pipes initiative, which uses DNS filtering to block malware communications across its network.
Such active cyber defence programs have been gaining increasing support in Australia.