On Thu, 11 Jul 2002 07:41:46 CDT, "Vachon, Scott" <Scott.Vachonat_private> said: > or suspension of service would seem unwarranted. Funny, if you are getting > DOSs'd or Spammed to hell, your ISP won't budge to fix it but, the MPAA > sends one letter and they threaten to cut you (the customer) off. There's a distinction here. If the MPAA sends a letter, your ISP is *legally required* to deal with it or become liable. On the flip side, the MPAA is usually quite good at pinpointing the exact IP address, date, and time, so the ISP is able to easily find in its records which user needs to be smacked upside the head. So it's fairly easy to deal with technically, and important that they do so. On the flip side, if you're being DDoS'ed, there's probably packets coming in at all the ISP's peering and transit points, all converging on your link (that's what makes a DDoS *work*). A lot of packets probably have forged addresses, and even if the addresses are valid, they are almost certainly at some OTHER provider. So now the poor ISP's NOC-monkeys have to try to track down anywhere from 400 to 18,000 hosts *at other providers*, and get those providers to do something about it. Loads of fun when the provider is in Australia. The other option is to start doing funky BGP announcements or start putting custom ACLs on the router interfaces (both of which can REALLY hose things up if you make a typo) to just start dropping packets. Similarly, if you're being spammed or mailbombed, it gets rather "interesting" to stop the spam and *not* break your regular mail servers (think about it - if it was easily doable, all the ISPs would do it... ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 16:58:00 PDT