[182578] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last
daemon@ATHENA.MIT.EDU (Ca By)
Thu Jul 23 10:18:06 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.64.1507230908380.21935@whammy.cluebyfour.org>
Date: Thu, 23 Jul 2015 07:18:02 -0700
From: Ca By <cb.list6@gmail.com>
To: "Justin M. Streiner" <streiner@cluebyfour.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Jul 23, 2015 at 6:25 AM, Justin M. Streiner <streiner@cluebyfour.org
> wrote:
> On Thu, 23 Jul 2015, Nicholas Warren wrote:
>
> How will the customer know the ISP is blocking the traffic? Does the FCC
>> make ISPs disclose this information?
>>
>
> If a customer is legitimately trying to reach someone in one of the
> affected IP ranges and failing, at some point, they will either a) give up
> and try later, or b) contact their provider to try to find out what's going
> on.
>
> If it's something widespread enough that the ISP's support line is blowing
> up with calls, I'd hope they would either put some sort of announcement on
> their website/support site/support line.
>
> As with anything else in the ISP world, it's about striking an appropriate
> balance. If ISP X is getting hit with DDoS traffic hard enough to severely
> impact their business, that can warrant an emergency response, albeit
> likely a short-term/tactical response. If not, perhaps a more limited
> response is better. Again, each provider is free to run their network as
> they see fit.
>
> The balance point can also change if downstream ISPs are involved, since
> ISP X might be making the decision to block or not block traffic for the
> downstreams, with or without their consent.
>
> jms
>
>
I agree with you about balance. The issue is that for many of us, UDP
floods / DDoS, is daily business. It is not an emergency when you have a
baseline for UDP and police it.
Or, you can careen from emergency to emergency.
CB
> On 07/22/2015 09:01 PM, Justin M. Streiner wrote:
>>
>>> You're certainly free to block whatever traffic you wish, but your
>>> customers might not appreciate a heavy-handed approach to stopping bad
>>> traffic at the gates.
>>>
>>
>>
