Comment by bombcar

1 day ago

There's no economic incentive for YOU (as the proximate ISP) to do anything about it, it would cost money, and cost you customers.

Any idea why they don't fix it?

Yes, you generally see this kind of thing start from the pain-feelers and move up the chain to the pain-causers.

So why hasn't that happened? These are clearly damaging to many, and ISPs are apparently doing next to nothing to prevent it, and it has been extremely clear for a while now that it's going to just become a bigger and bigger problem.

  • How are you going to get an end customer to track down whatever device of theirs was hacked?

    • As a power user I don't know any way of even checking if I'm involved in a botnet.

      Is there something like that out there? Something that routers could install to monitor and report?

    • As the ISP you don't care, you just cut off their connection to fix it. Said user will have to contact a local service to come out and find it.

Are there ISPs that don't charge customers for the amount of bandwidth they consume? Even "unlimited" has been ruled by courts to not really mean "unlimited", after all.

  • Most in Europe don't. Back when I first got 100/100 fiber I uploaded almost 30TB in a month and the only complaint I got was from the torrent site.

  • Yes, most if not all of them. Is it different in the US?

    • Most non-mobile ISPs will let you get pretty high on bandwidth usage before they flag you; and since DDoS attacks are almost always relatively low levels of bandwidth (on the source) it's unlikely you'd get flagged.

Of course there is. If you've got all your internet egress tied up with DDoS attacks from your network it is a big problem.

  • Most eyeball networks have a lot of inbound traffic and not very much outbound, but interconnections with other networks are almost always symmetric, so there's a lot of room for excess egress before it causes pain to the ISP.

    When I ran a large web site that attracted lots of DDoS, it didn't really seem worthwhile to track down the source and try to contact ISPs. I had done a lot of trying to track and stop people sending phishing mail under our name, and it's simply too much work to write a reasonable abuse report that is unlikely to be followed up on. With email, mostly people seem to accept the Received headers are probably true; with DDoS, you'd be sending them pcaps, and they'd be telling you it's probably spoofed, and unless I've got lots of peering, I'm not going to be able to get captures that are convincing... so just do my best to manage the inbound and call it a day.

  • I think we’re just starting to see attacks that big - which might start some practical mitigations (or they’ll just upgrade transit).