[OT somewhat] DDOS attacks, where to report?

E.S. Rosenberg esr+linux-il at g.jct.ac.il
Sat Jan 26 23:22:18 IST 2013


Why should the ISP have that responsibility?

They are, as far as most of us are concerned, not even supposed to do DPI
(deep packet inspection), and without DPI they have almost no way of telling
the difference between a site that is under attack and a site that just
posted something that is so popular that everyone is going there, also
effectively DDOS'ing...

The responsibility to go to the authorities lies squarely with the victim;
although you might expect some good citizenship from the ISP if they signal
illegal activities, they still have a very hard time telling the legit from
the illegitimate traffic.

Also, ISPs in Israel don't even bother to put virus-affected customers in
quarantine where they are blocked from accessing the internet until they
clean their computer(s), something which is fairly easy for them to
implement and very much in the ISPs' interest, so why would they do more
complicated things like dissecting attacks?
(I know some of the better ISPs outside of Israel do this)

As far as an example of equipment goes, tweakers.net did a review on an
anti DDOS firewall appliance in 2010:
http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html

Such an appliance would iirc not be useful at the ISP level since it
utilizes traffic patterns

Regards,
Eliyahu - אליהו


2013/1/26 Jonathan Ben Avraham <yba at tkos.co.il>

> Hi Shimi,
>
> Thanks.
>
> What I am trying to find out is if there are any Israeli ISPs that
> actually offer protection against DDOS attacks and if there is any stated
> public policy on such attacks. For example, is there a legal requirement
> for individuals or ISPs to report such crimes as there is with other
> crimes? Does the government view the liability for damages resulting from
> such attacks as a private responsibility like burglary or fire insurance
> even when the attack is committed by an enemy of the state? Is this written
> anywhere and is there any applicable case law? How big or persistent does a
> cyber attack have to be for it to be considered a public issue? Or has no
> one in government ever considered the question?
>
>
>  - yba
>
>
>
> On Sat, 26 Jan 2013, shimi wrote:
>
>  Date: Sat, 26 Jan 2013 22:11:24 +0200
>>
>> From: shimi <linux-il at shimi.net>
>> To: Jonathan Ben Avraham <yba at tkos.co.il>
>> Cc: E.S. Rosenberg <esr+linux-il at g.jct.ac.il>, ILUG <
>> linux-il at cs.huji.ac.il>
>>
>> Subject: Re: [OT somewhat] DDOS attacks, where to report?
>>
>> On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham <yba at tkos.co.il>
>> wrote:
>>
>>
>> But unless your friend shows that he is taking serious steps to prevent
>> this type of thing in the future no ISP has to allow him onto their
>> network, there are ISPs that specialize in hosting sites that are prone
>> to being attacked but the price is obviously accordingly.
>>
>>
>> For example?
>>
>>
>>
>> http://www.prolexic.com/services-dos-and-ddos-mitigation.html
>>
>> Not a recommendation in any way, just an example.
>>
>> -- Shimi
>>
>>
>>
>>
> --
>  EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
>      - yba at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>