On Thu, 28 Aug 2003, David Schwartz wrote:
> The point is that 'usage' is supposed to be 'what you use', not what somebody else uses. 'My' traffic is the traffic I want, not the traffic you try to give me that I don't want.
Okay, but in Internet terms the receiver usually pays for the traffic without necessarily initiating it; this is different from the everyday experience of FedEx-ing a parcel or making a telephone call, in which it is the sender who picks up the charge. This isn't really a question, it's more a statement of fact..
> I don't want to avoid it, I just don't want to be charged for what I do not want.
Which is a natural enough reaction, but you don't necessarily get what you want :) I can't see any ISP negotiating a transit contract which takes account of unwanted traffic; apart from the fact that there is a real cost which has to be borne somewhere (I previously suggested if they didn't charge you the Mbs they would just increase the $$$s to compensate), it's just too complicated from a billing point of view to work this out.
> Suppose, for example, my provider's network management scheme pings my end of the link every once in a while to see if the link is up. Suppose further this ping made a dent in my bill, so the provider decides to ping more often, say five times a second with large packets to be *sure* the link is reliable. Do you seriously think it's reasonable for me to pay for this traffic?
That would be deliberate on the provider's part and I'm sure some lawyer would be able to put up a case for fraud.. that's not what we're talking about tho. If it was required legitimately that would be different, but in which case you could make appropriate direct or indirect deductions to your costs.
> There is no limit to how long a DoS attack can last. And your provider has no incentive to trace/filter if he gets a major profit if he can just make that attack last a few more hours.
Indeed, and I'd be annoyed if my provider deliberately allowed this to happen. I'd probably shut down my connection to them and find some relevant contractual clause before demanding credit or legal action. I can't imagine they'd last too long doing this to everyone! That said however, my own experience of big providers (no names, but one whose name has been praised quite a lot recently on this list) is that their abuse team were completely useless.
> By definition, anything two parties agree to with full knowledge is fair to both of them. How DoS attacks are handled should be part of the negotiation of any ISP/customer agreement. However, for many of the contracts I've seen the contract was silent and ambiguous.
True, but this is the nightmare legal world we're in. DoS attacks have tended not to disrupt billing and we assume we won't be charged, but you're right, these days you have to explicitly mitigate for all possibilities..
> For a 95 percentile agreement, it's reasonable for the customer to take responsibility for DoS traffic until he makes a request to the provider's NOC. It's also reasonable for the provider to charge a fixed 'incident fee' for each attack that requires NOC and network resources. It is not reasonable for the incentive structure to reward the NOC for doing nothing and penalize them for any attempt to help.
Sounds like the start for a whole new discussion topic.. :)

Steve