[c-nsp] ISP response and traffic billing for DDOS
Gert Doering
gert at greenie.muc.de
Mon Sep 3 02:44:12 EDT 2007
Hi,
On Mon, Sep 03, 2007 at 10:58:21AM +0800, Hock Jim wrote:
> Sorry for being slightly off-topic, but hoping to seek some advise on
> what is typically the case for ISP response in the case of a DDOS.
>
> In the case of a DDOS attack that saturates an upstream, typically:
> 1. will the ISP charge (based on 95% percentile) for the days or hours
> where the traffic increased substantially due to attack traffic
Sure. You're paying the ISP for usage of their network - inteded or not.
(I have been told that the most important reason why 95% percentile billing
is used is that exceptionally high traffic actually doesn't show up on the
bill, unless it lasts longer than 5% of the month = over a day)
> 2. will the ISP help to filter out the attack traffic once the
> source/destination has been identified (without any ISP involvement)
I would be very disappointed if they wouldn't do that.
> 3. will the ISP charge for the traffic filter?
Normally the shouldn't - but then, if you picked the cheapest ISP from
those in your region, they have no margin for customer friendliness, so
they might need to.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list