20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

Justin M. Streiner streiner at cluebyfour.org
Thu Jul 23 13:25:33 UTC 2015


On Thu, 23 Jul 2015, Nicholas Warren wrote:

> How will the customer know the ISP is blocking the traffic? Does the 
> FCC make ISPs disclose this information?

If a customer is legitimately trying to reach someone in one of the 
affected IP ranges and failing, at some point, they will either a) give up 
and try later, or b) contact their provider to try to find out what's 
going on.

If it's something widespread enough that the ISP's support line is blowing 
up with calls, I'd hope they would put some sort of announcement on 
their website/support site/support line.

As with anything else in the ISP world, it's about striking an appropriate 
balance.  If ISP X is getting hit with DDoS traffic hard enough to 
severely impact their business, that can warrant an emergency response, 
albeit likely a short-term/tactical response.  If not, perhaps a more 
limited response is better.  Again, each provider is free to run their 
network as they see fit.

The balance point can also change if downstream ISPs are involved, since 
ISP X might be making the decision to block or not block traffic for 
the downstreams, with or without their consent.

jms

> On 07/22/2015 09:01 PM, Justin M. Streiner wrote:
>> You're certainly free to block whatever traffic you wish, but your
>> customers might not appreciate a heavy-handed approach to stopping bad
>> traffic at the gates.
>


