<div dir="ltr"><div><div><div><div>Why should the ISP have that responsibility?<br><br></div>They are as far as most of us are concerned not even supposed to do DPI (deep packet inspection) and without DPI they have almost no way of telling the difference between a site that is under attack and a site that just posted something that is so popular that everyone is going there also effectively DDOS'ing...<br>
<br></div><div>The responsibility to go to the authorities lies squarly with the victim, elthough you might expect some good citizenship from the ISP if they signal illegal activities they still have a very hard time telling the legit from the illegitimate traffic.<br>
<br></div><div>Also ISPs in Israel don't even bother to put virus affected customers in quarantine where they are blocked from accessing the internet until they clean their computer(s), something which is fairly easy for them to implement and very much in the ISPs interest so why would they do more complicated things like dissecting attacks?<br>
</div><div>(I know some of the better ISPs outside of Israel do this)<br></div><div><br></div>As far as an example of equipment goes, <a href="http://tweakers.net">tweakers.net</a> did a review on an anti DDOS firewall appliance in 2010:<br>
<a href="http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html">http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html</a><br><br></div><div>Such an appliance would iirc not be usefull at the ISP level since it utilizes traffic patterns <br>
</div><div><br></div>Regards,<br></div>Eliyahu - אליהו<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/1/26 Jonathan Ben Avraham <span dir="ltr"><<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Shimi,<br>
<br>
Thanks.<br>
<br>
What I am trying to find out is if there are any Israeli ISP's that actually offer protection against DDOS attacks and if there is any stated public policy on such attacks. For example, is there a legal requirement for individuals or ISP's to report such crimes as there is with other crimes? Does the government view the liability for damages resulting from such attacks as a private responsibility like burglary or fire insurance even when the attack is committed by an enemy of the state? Is this written anywhere and is there any applicable case law? How big or persistent does a cyber attack have to be for it to be considered a public issue? Or has no one in government ever considered the question?<div class="im">
<br>
<br>
- yba<br>
<br>
<br>
<br>
On Sat, 26 Jan 2013, shimi wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Date: Sat, 26 Jan 2013 22:11:24 +0200<div class="im"><br>
From: shimi <<a href="mailto:linux-il@shimi.net" target="_blank">linux-il@shimi.net</a>><br>
To: Jonathan Ben Avraham <<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>><br></div>
Cc: E.S. Rosenberg <<a href="mailto:esr%2Blinux-il@g.jct.ac.il" target="_blank">esr+linux-il@g.jct.ac.il</a>>, ILUG <<a href="mailto:linux-il@cs.huji.ac.il" target="_blank">linux-il@cs.huji.ac.il</a>><div class="im">
<br>
Subject: Re: [OT somewhat] DDOS attacks, where to report?<br>
<br></div><div><div class="h5">
On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham <<a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a>> wrote:<br>
<br>
<br>
But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being<br>
attacked but the price is<br>
obviously accordingly.<br>
<br>
<br>
For example?<br>
<br>
<br>
<br>
<a href="http://www.prolexic.com/services-dos-and-ddos-mitigation.html" target="_blank">http://www.prolexic.com/<u></u>services-dos-and-ddos-<u></u>mitigation.html</a><br>
<br>
Not a recommendation in any way, just an example.<br>
<br>
-- Shimi<br>
<br>
<br>
<br>
</div></div></blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems<br>
=}----------------------------<u></u>--------------------ooO--U--<u></u>Ooo------------{=<br>
- <a href="mailto:yba@tkos.co.il" target="_blank">yba@tkos.co.il</a> - tel: <a href="tel:%2B972.2.679.5364" value="+97226795364" target="_blank">+972.2.679.5364</a>, <a href="http://www.tkos.co.il" target="_blank">http://www.tkos.co.il</a> -<br>
<br>
______________________________<u></u>_________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il" target="_blank">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/<u></u>mailman/listinfo/linux-il</a><br>
</div></div></blockquote></div><br></div>