On Tue, Nov 1, 2011 at 1:22 PM, Kevin Loch <kloch@kl.net> wrote:
Christopher Pilkington wrote: We have always accommodated temporary ACLs for active DDOS attacks. I think that is fairly standard across the ISP/hosting industry.
And it's reasonable to accommodate the customer that asks, and reasonable for a customer to ask for a temporary ACL in such situations. However, it's also reasonable for the provider to refuse, and there's nothing wrong with that, unless the provider agreed that they would be willing to do that, and then refused to do something they had already agreed to do.

The provider might be especially dissuaded from responding and providing a temporary ACL for free if the DoS is a "small" one based on the provider's definition of small, or if the provider doesn't have or won't allocate the resources to respond, without charging a fee to do so. Or it's a cut-rate hosting service, and the customer refused to buy the "managed filtering" firewall (or whatever solution). In that case, it's reasonable for the provider to counter the request with "You can buy our such-and-such service, and we will gladly implement that."

If this is something you want to be sure you can do, then you should ask the provider about it before signing that colocation contract for IP connectivity, and make sure you have it in writing that the provider will create an ACL on your interface of sufficient length to do what you want. And be sure you have worked out with the provider how this affects billing in advance. It's quite possible you still have to pay or have said dropped traffic counted against your commit.

--
-JH