[OT somewhat] DDOS attacks, where to report?

Jonathan Ben Avraham yba at tkos.co.il
Sat Jan 26 23:39:05 IST 2013


Hi Eliyahu,
See inlines below.

On Sat, 26 Jan 2013, E.S. Rosenberg wrote:

> Date: Sat, 26 Jan 2013 23:22:18 +0200
> From: E.S. Rosenberg <esr+linux-il at g.jct.ac.il>
> To: Jonathan Ben Avraham <yba at tkos.co.il>
> Cc: ILUG <linux-il at cs.huji.ac.il>
> Subject: Re: [OT somewhat] DDOS attacks, where to report?
> 
> Why should the ISP have that responsibility?
> 
> They are as far as most of us are concerned not even supposed to do DPI (deep packet inspection) and without DPI they have almost no way of telling the difference between a site that is under attack and a site that just posted something that is so
> popular that everyone is going there also effectively DDOS'ing...


Once the user reports the crime to the ISP, does the ISP then have any 
responsibility to report the crime, like other crimes?


> The responsibility to go to the authorities lies squarely with the victim, although you might expect some good citizenship from the ISP if they signal illegal activities they still have a very hard time telling the legit from the illegitimate
> traffic.


This is not true in general under Israeli law, as I have found out myself 
from unfortunate personal experience. See 
http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


> Also ISPs in Israel don't even bother to put virus affected customers in quarantine where they are blocked from accessing the internet until they clean their computer(s), something which is fairly easy for them to implement and very much in the
> ISPs' interest so why would they do more complicated things like dissecting attacks?


Not necessarily analyzing attacks, just reporting them.


> (I know some of the better ISPs outside of Israel do this)
> 
> As far as an example of equipment goes, tweakers.net did a review on an anti DDOS firewall appliance in 2010:
> http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html
> 
> Such an appliance would iirc not be useful at the ISP level since it utilizes traffic patterns

Thanks,

  - yba


> Regards,
> Eliyahu - אליהו
> 
> 
> 2013/1/26 Jonathan Ben Avraham <yba at tkos.co.il>
>       Hi Shimi,
>
>       Thanks.
>
>       What I am trying to find out is if there are any Israeli ISP's that actually offer protection against DDOS attacks and if there is any stated public policy on such attacks. For example, is there a legal requirement for individuals or
>       ISP's to report such crimes as there is with other crimes? Does the government view the liability for damages resulting from such attacks as a private responsibility like burglary or fire insurance even when the attack is committed by
>       an enemy of the state? Is this written anywhere and is there any applicable case law? How big or persistent does a cyber attack have to be for it to be considered a public issue? Or has no one in government ever considered the question?
>
>        - yba
> 
> 
>
>       On Sat, 26 Jan 2013, shimi wrote:
>
>       Date: Sat, 26 Jan 2013 22:11:24 +0200
>       From: shimi <linux-il at shimi.net>
>       To: Jonathan Ben Avraham <yba at tkos.co.il>
> Cc: E.S. Rosenberg <esr+linux-il at g.jct.ac.il>, ILUG <linux-il at cs.huji.ac.il>
> Subject: Re: [OT somewhat] DDOS attacks, where to report?
> 
> On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham <yba at tkos.co.il> wrote:
> 
> 
>             But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being
>             attacked but the price is
>             obviously accordingly.
> 
> 
> For example?
> 
> 
> 
> http://www.prolexic.com/services-dos-and-ddos-mitigation.html
> 
> Not a recommendation in any way, just an example.
> 
> -- Shimi
> 
> 
> 
> 
> --
>  EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
>      - yba at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
> 
> 
> 
> 
>

-- 
  EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
      - yba at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

