Blocking worms/ddos for customer for free?
Hello,
Currently, on our ingress, we block spoofed packets, common worms/trojans ports.
We do that for all of our customers (residential DSL, Dial-up, Corporate DSL, and the data center hosted websites/servers), however,
For me there are 2 ways to look at it: if I leave these worms to come in, they would consume our bandwidth and CPU, and on the other hand, it looks like we're giving a free service, which in a way uses up our resources.
It's the same for DDoS: if I stop it for a customer, I'm giving him a free service; if I don't, it's gonna wreck my network.
Personally, I block the illegitimate packets out of my network (egress), but that's because I owe this to the internet community, even if I am not getting paid for it.
I would like to know other providers' policy about this?
We have bogon filters in place to filter ingress traffic from our upstreams.
As for blocking worms and other nasties, our views have changed with the increasingly hostile climate... In the past we have taken the approach that a "service provider" should do exactly that - provide service. Since we didn't offer a managed firewall service, it was the responsibility of our customers to protect themselves and others from their infected machines. At the risk of pouring gas on the fire, I think we're all aware of how well this works in the face of Blaster, Nachi, Code Red, and others.
As it stands now, we attempt to block this type of traffic before it enters our network where possible. Not because we want to protect the 65 year-old retired school teacher who just signed up for his first DSL account with no firewall, no antivirus software, etc. Our focus is strictly to protect our access and distribution routers from having to deal with the flood of unnecessary collateral traffic associated with Grandpa** and his new fandangled internet thingy.
--
It's not easy juggling a pregnant wife and a troubled child, but somehow I still manage to squeeze in 8 hours of TV a day. - Homer Simpson
Daniel Evans
On Mon, 6 Dec 2004 21:46:04 +0200 Kim Onnel <karim.adel@gmail.com> wrote:
Hello,
Currently, on our ingress, we block spoofed packets, common worms/trojans ports.
We do that for all of our customers (residential DSL, Dial-up, Corporate DSL, and the data center hosted websites/servers), however,
For me there are 2 ways to look at it: if I leave these worms to come in, they would consume our bandwidth and CPU, and on the other hand, it looks like we're giving a free service, which in a way uses up our resources.
It's the same for DDoS: if I stop it for a customer, I'm giving him a free service; if I don't, it's gonna wreck my network.
Personally, I block the illegitimate packets out of my network (egress), but that's because I owe this to the internet community, even if I am not getting paid for it.
I would like to know other providers' policy about this?
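The two filtering directions discussed in this thread (bogon and spoofed-source drops on ingress from upstreams, source validation on egress), sketched as an added example that is not from either poster. The bogon list is a short static sample, the provider prefixes are documentation ranges standing in for real allocations, and all function names and sample packets are constructed; IPv4 only.

```python
import ipaddress
from collections import Counter

# Assumption: short static sample of bogon space (unallocated/private/loopback/
# link-local/TEST-NET-1/multicast+reserved). Real bogon lists change over time.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/3",
)]
# Assumption: documentation ranges used as stand-ins for the provider's own
# prefixes (deliberately left out of BOGONS so the example is self-consistent).
OWN_PREFIXES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/24")]

def _within(addr, networks):
    return any(addr in net for net in networks)

def ingress_verdict(src):
    """Decision for a packet arriving from an upstream, by source address."""
    addr = ipaddress.ip_address(src)
    if _within(addr, BOGONS):
        return "drop: bogon source"
    if _within(addr, OWN_PREFIXES):
        # Our own space should never appear as a source on an upstream link.
        return "drop: spoofed own prefix"
    return "accept"

def egress_verdict(src):
    """Decision for a packet leaving toward an upstream, by source address."""
    addr = ipaddress.ip_address(src)
    if _within(addr, OWN_PREFIXES):
        return "accept"
    return "drop: source outside our address space"

def tally(packets):
    """Count verdicts over (direction, source) pairs; direction is in/out."""
    counts = Counter()
    for direction, src in packets:
        check = ingress_verdict if direction == "in" else egress_verdict
        counts[(direction, check(src))] += 1
    return counts

# Constructed sample traffic, not captured data.
SAMPLE = [("in", "10.1.2.3"), ("in", "198.51.100.7"), ("in", "8.8.8.8"),
          ("out", "203.0.113.9"), ("out", "192.168.1.5"), ("out", "8.8.4.4")]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE).items()):
        print(key, n)
```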
participants (2): Daniel J. Evans, Kim Onnel