Security Basics mailing list archives
DoS against ISP: what is "normal?"
From: Robert Inder <robert () interactive co uk>
Date: 18 Oct 2002 01:13:04 +0100
One of our clients has a server colocated at a local ISP. Unfortunately, the ISP has suffered from two or three DoS attacks this year. These incidents have caused severe disruption, rendering the server (and indeed the entire ISP's network) inaccessible (continuously or intermittendly) for several hours while the ISP and their upstream providers have worked to put filters in place. Service has been crippled for somewhere between 12 and 20 hours in all. Our client has raised the possibility of moving to another ISP, and I'm not sure what to say. The ISP's staff are accessible and generally seem organised and competent. For the most part we are very happy with their service, and until these attacks we'd have certainly recommended them. So there is a great deal of scope for jumping out of the frying pan into the fire. I've tried searching for information on what would be a "typical" level of disruption for a small-to-medium ISP, but couldn't find anything. Can someone point me at any relevant statistics or surveys? Is a major DoS attack every few months par for the course these days? Or a sign that someone has really got it in for these guys? Is it reasonable for them to take "a few hours" to bring such an incident under control, or does this suggest there is something wrong? Comments? Suggestions? Robert. -- Robert Inder Interactive Information, 07770 30 40 52 (general) 07808 492 213 3, Lauriston Gardens, 0131 229 1052 (fax) Edinburgh EH3 9HH SCOTLAND UK
Current thread:
- DoS against ISP: what is "normal?" Robert Inder (Oct 18)
- Re: DoS against ISP: what is "normal?" Jay DeSotel (Oct 18)