On Tue, Apr 02, 2002 at 10:06:58AM -0800, Livio Ricciulli wrote:
Is anyone aware of a process for claiming a deduction in charges when fees are associated with a flooding attack?
In particular, attacks may push up the 95% usage or (more commonly) attacks may create prolonged loss of network availability; Both outcomes may result in a claim for deduction.
This goes to big-boys - it's easier to kick the customer out then to deal with it, especially if you're running an irc server or similar things like customers hosting shells/bots/etc.
Has anyone ever dealt with something like this? How is this handled today? What evidence or proof has to be provided to get the deductions (if any)?
In general, if you say commit to say 20-30Mbps+ on 95th % up to 100Mbps burstable, they will ask how often those attacks happen, if it's <5-10 a month, then it's nothing, regardless how hard you get hit, just make sure to give them a call and request filters if it's above your 95th % line. If you get 5+ weekly or *daily* and if NSP cannot put some semi-permanent solution, other than some pathetic 24h policy or alike, then eventually they *will* stop working with you. They have other customers and issues attend to and they will not break the 24h-acl policy rule for just one customer. If those attacks overrun their pipes or cpu in routers, thus causing the downtime, downtime = SLA credits to other customers; and if they can't work with their peers/transits or peers/transits refuse to work with your NSP, then at some point they will stop working with you or/and kick you out per contract/AUP - been there, done that. Of the top of my head, not UUnet, C&W, Sprint, Genuity, Exodus, Globix, Verio, to name a few, will go thus far to fix the billing issue, they have different chain of people working at each level/department, they might bend once but that's as far as it goes. 9 out of 10 times they'll ask you to commit to more transit or/and get a flat pipe. It's about making $ at the end, always, never forget. -Basil