On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote:
* Tom Beecher:
Simon's getting screwed because he's not being given any information to try and solve the problem, and because his customers are likely blaming him because he's their ISP.
We don't know that for sure. Another potential issue is that the ISP just cannot afford to notify its compromised customers, even if they were able to detect them.
I'd like to think that we're pretty responsive to taking our users offline when they're compromised and we're made aware of it - either through our own tools, or through 3rd party notifications. The process with Sony goes something like: - User reports they can't reach PSN - We report the Sony/PSN, they say "Yes, it's blocked because that IP attacked us" - We say "Okay, that's a CGNAT public IP, can you help us identify the which inside user that is - (timestamp,ip,port) logs, or some way to identify the bad traffic so we can look for it ourselves" - Sony say no, either through silence, or explicitly. - We have unhappy user(s), who blame us. Simon