On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote:
On Wed, 1 May 2002, Wojtek Zlobicki wrote:
Where are providers drawing the line ? Anyone have somewhat detailed published policies as to what a provider can do in order to protect their nework as a whole. At what point (strength of the attack) does a customers netblock (assuming a /24 for example) get null routed by whichever party.
Most providers likely have a policy similar to: "I can't sacrafice 1 my network for 1 customer". So, if the attack is sufficient to degrade service on the ISP network most likely the customer under attack will get null routed.
Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just for the sake of the argument), UU will not null route my ircd if it it gets attacked on regular basis, say *daily* ? Furthermore you are going to consistently place filters on your routers, take them out within the 24h (or whatever then-current policy of UUnet is) and track attacks back to their sources within the boundaries of your backbone on a daily basis? ;) Will you do that for say a regular T1 customer or do I need more "commitment" as sales droids like to put it, to even consider such a service ? ;)
Hmm, perhaps FIRST customers should insist that their ISP have some 24/7 security contact that can actually help in the case of an attack. Today there are very few that have this capability. I'd say from personal experience that the number is way too small, even in the 'large' ISP arena :(
More pressure from customers for real security would be a good start.
sigh, tried and failed, miserably I might add. -Basil