North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: What do you want your ISP to block today?
On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote: > > What would be great though is a system where there is an automatic > check to see if there is any return traffic for what a customer sends > out. If someone keeps sending traffic to the same destination without > anything coming back, 99% chance that this is a denial of service > attack. If someone sends traffic to very many destinations and in more > than 50 or 75 % of the cases nothing comes back or just an ICMP port > unreachable or TCP RST, 99% chance that this is a scan of some sort. > No... I have one T1 to Sprint and one T1 to AT&T, I think my AT&T bill will be high this month so I stop sending OUT AT&T and only accept traffic, all my traffic in that link... So now I push OUT sprint and IN AT&T. I don't want sprint to kill my connection just because all traffic to me is entering AT&T do I?
|