[c-nsp] ISP response and traffic billing for DDOS
Hock Jim
hohockjim at gmail.com
Sun Sep 2 22:58:21 EDT 2007
Hello all,
Sorry for being slightly off-topic, but hoping to seek some advise on
what is typically the case for ISP response in the case of a DDOS.
In the case of a DDOS attack that saturates an upstream, typically:
1. will the ISP charge (based on 95% percentile) for the days or hours
where the traffic increased substantially due to attack traffic
2. will the ISP help to filter out the attack traffic once the
source/destination has been identified (without any ISP involvement)
3. will the ISP charge for the traffic filter?
We were recently hit by a ICMP DDOS, after identifying the attack
traffic through NBAR (why isn't NBAR hardware in Sup720?!?) and
Netflow information, our experience with our (tier-one) ISPs have been
less than stellar, and were wondering if switching ISPs actually
helps.
Thanks in advance.
regards,
Jim
More information about the cisco-nsp
mailing list