Valdis.Kletnieks_at_vt.edu
Date: Thu Jul 11 2002 - 22:57:22 CDT


    On Thu, 11 Jul 2002 07:41:46 CDT, "Vachon, Scott" <Scott.VachonPaymentech.com> said:

    > or suspension of service would seem unwarranted. Funny, if you are getting
    > DOSs'd or Spammed to hell, your ISP won't budge to fix it but, the MPAA
    > sends one letter and they threaten to cut you (the customer) off.

    There's a distinction here.

    If the MPAA sends a letter, your ISP is *legally required* to deal with it or
    become liable. On the flip side, the MPAA is usually quite good at pinpointing
    the exact IP address, date, and time, so the ISP is able to easily find in its
    records which user needs to be smacked upside the head. So it's fairly
    easy to deal with technically, and important that they do so.

    On the flip side, if you're being DDoS'ed, there's probably packets coming in
    at all the ISP's peering and transit points, all converging on your link (that's what
    makes a DDoS *work*). A lot of packets probably have forged addresses, and
    even if the addresses are valid, they are almost certainly at some OTHER
    provider. So now the poor ISP's NOC-monkeys have to try to track down
    anywhere from 400 to 18,000 hosts *at other providers*, and get those providers
    to do something about it. Loads of fun when the provider is in Australia.

    The other option is to start doing funky BGP announcements or start putting
    custom ACLs on the router interfaces (both of which can REALLY hose things
    up if you make a typo) to just start dropping packets.

    Similarly, if you're being spammed or mailbombed, it gets rather "interesting"
    to stop the spam and *not* break your regular mail servers (think about it -
    if it was easily doable, all the ISPs would do it... ;)

    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    
