Re: Inter-provider communications (Re: nobody @home)
On Sun, 21 Jan 2001, Richard A. Steenbergen wrote:
On Sun, Jan 21, 2001 at 11:11:55AM -0800, Patrick Greenwell wrote:
One large provider of hosting services who shall remain nameless in the hopes they will become more helpful through private discussion recently told one of my clients that placing RFC-1918 filters within their borders (the client was being DDOS'd in part from machines within that provider's network) was "against policy" and they wouldn't do it.
I shudder to think what they tell non-customers (if they even talk to them at all.)
How would placing RFC1918 filters on that provider's borders
I said "within" not "on". To their credit they do have filters on their borders.
In all fairness, many large providers have a legitimate point when refusing to deploy just any customer-request filter.
Sure, but I'd hardly characterize this as some random request for just any customer-requested filter. They (the client) were undergoing a pretty significant DDOS attack in part being accomplished from within their (the hosting provider's) network against another customer within their network, and the request (RFC-1918 filtering) isn't voodoo.
With most large hosting providers, what Cisco markets as "core" routers are required for customer aggregation. ACLs can have a serious impact on performance and stability on these routers. And deploying filters "on their borders" is a time-consuming, performance-impacting, perl-powered mess.
Huh? First, see above regarding "within" and "on." Second, RFC-1918 filtering is hardly a "time-consuming", "perl-powered" mess.
Why should they go through this for your 1Mbps of normal paid traffic just so you can get on IRC and taunt the packet kids with your "large provider filters"?
The client in question pushes a near constantly sustained 100Mbit and has no need, desire, and would see no value in taunting script kiddies on IRC. They're an attractive target simply because they are a high-profile site. If a provider won't help their own paying customers, what chance is there that they are going to help anyone that isn't their customer? Awaiting obligatory comments about moving away from said provider, SLAs, etc.... :-)
Patrick Greenwell wrote:
If a provider won't help their own paying customers, what chance is there that they are going to help anyone that isn't their customer?
I'm just waiting for one of the big NSPs to be sued due to complicity in an attack. That, essentially, is what we're dealing with.
--
Steve Sobol, BOFH, President 888.480.4NET 866.DSL.EXPRESS 216.619.2NET
North Shore Technologies Corporation http://NorthShoreTechnologies.net
JustTheNet/JustTheNet EXPRESS DSL (ISP Services) http://JustThe.net
mailto:sjsobol@NorthShoreTechnologies.net
Proud resident of Cleveland, Ohio