On 22/01/2008, at 7:30 PM, Mikael Abrahamsson wrote:
I am also hesitant regarding billing when a person is being DDOS:ed. How is that handled in .AU? I can see billing being done on outgoing traffic from the customer because they can control that, but what about incoming, the customer has only partial control over that.
It isn't hard. For a start, there are only one or two providers where customers ever get excess bills, so we aren't really talking about "billing when a person is being DDOS'ed", we're talking about "rate- limiting after a person has been DDOS'ed." On the rare occasion when it happens, the ISPs who aren't bastards are usually understanding enough to back out measurements which are DDOS related. Whether or not your ISP is a bastard is one of the factors you'd use to determine which ISP is offering a package that fits your needs in a competitive environment. In my observation, customers who are repeatedly DDOS'ed are usually doing something to provoke it. I don't think I've ever seen an instance where a DDOS'ed customer has had a repeat occurrance after that datapoint is illuminated for them. - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223