On Oct 22, 2016 5:11 PM, "Mark Andrews" <marka@isc.org> wrote:

One way to deal with this would be for ISP's to purchase DoS attacks against their own servers (not necessarially hosted on your own network) then look at which connections from their network attacking these machines then quarantine these connections after a delay period so that attacks can't be corollated with quarantine actions easily.

This doesn't require a ISP to attempt to break into a customers machine to identify them. It may take several runs to identify most of the connections associated with a DoS provider.

Josh Reynolds writes:

And then what?

--- marka@isc.org wrote: From: Mark Andrews <marka@isc.org> They get in someone to clean up their network. When they say it is clean you reconnect them. If this happens more often than once a year you charge them a months fees per additional incident. Have the year timer start when reconnect is requested. You give them what data you have to backup the claim. -------------------------------------------------- I invoke randy's "i encourage my competitor's to do this". scott