<div dir="ltr"><div><div><div><div>The customer/the ISP can purchase specialized firewalls to defend against DOS/DDOS attacks.<br></div><div><br></div>The subject of the attack can try to approach the local police and in some cases they will work on taking down the botnet, see for instance Dutch police, FBI and other European forces spending time on these cases.<br>
<br></div>But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly.<br>
<br></div>Regards,<br></div>Eliyahu - אליהו<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/1/26 Jonathan Ben Avraham <span dir="ltr"><<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Shimi,<br>
You are suggesting that there is no recourse to DDOS attacks, that Israelis are fair game for foreign attacks and it is no one's business except for the victim.<br>
<br>
The ISP does need to "suffer" in this case, in that the ISP has allowed an act of war to be committed through his service. I see little difference between this and the cab drivers who transport illegal workers from the Palestinian territories to jobs in Israel. We require the drivers to take some responsibility for whom they transport.<br>
<br>
I am suggesting that ISP's be charged with some level responsibility for investigating and reporting these attacks. That's in the national interest. I suspect that in the cases of large institutions, even non-governmental institutions such as banks, that there is in fact some national response, but that this protection is not currently extended to smaller players. If a rocket hit's your home you get some protection at the national level. If a DDOS attack from a hostile government attacks your business, it's not in the national interest to provide some level of protection?<br>
<br>
- yba<br>
<br>
<br>
On Sat, 26 Jan 2013, shimi wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Date: Sat, 26 Jan 2013 20:20:30 +0200<br>
From: shimi <<a href="mailto:linux-il@shimi.net" target="_blank">linux-il@shimi.net</a>><br>
To: Jonathan Ben Avraham <<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>><br>
Cc: ILUG <<a href="mailto:linux-il@cs.huji.ac.il" target="_blank">linux-il@cs.huji.ac.il</a>><br>
Subject: Re: [OT somewhat] DDOS attacks, where to report?<div><div class="h5"><br>
<br>
<br>
On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham <<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>> wrote:<br>
Dear Linux-IL colleagues,<br>
An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries.<br>
<br>
His Israeli service providers have responded to these attacks by cutting off his service.<br>
<br>
Is there someone in ISOC-IL<br>
<br>
<br>
Don't know (even if they would, what power do they have? besides being the .il domain registration expensive monopoly....)<br>
<br>
or the police who will take a complaint seriously?<br>
<br>
<br>
They most probably won't. Not to mention that even if they would, you can't police foreign countries. You need Interpol. Do you think that's gonna happen?<br>
<br>
I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service.<br>
<br>
<br>
Did he read his contract? Did he notice "if the customer becomes a detriment to the network..." clause?<br>
<br>
Does his ISP need to suffer because of his business? Bandwidth cost their money. Denial of service can cause issues to other customers, and ISP might be hurt financially via lawsuits from said customers. Will he compensate ISP for that?<br>
<br>
What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012?<br>
<br>
-- Shimi<br>
<br>
<br>
</div></div></blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems<br>
=}----------------------------<u></u>--------------------ooO--U--<u></u>Ooo------------{=<br>
- <a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a> - tel: <a href="tel:%2B972.2.679.5364" value="+97226795364" target="_blank">+972.2.679.5364</a>, <a href="http://www.tkos.co.il" target="_blank">http://www.tkos.co.il</a> -</div>
</div><br>_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br></blockquote></div><br></div>