|
 |
>> Sometimes I think it would be nice if there was a widely-supported
>> standard for configuring the firewall at the /other end/ of the last
>> mile to drop certain packets. But anyway...
>
> A DDoS needs to be extremely big for an ISP to notice one of its
> customers is under attack. And you need a special business relationship
> to be able to call them up and ask that they block a certain type of
> traffic at the head end.
Quite. I did actually hear about a guy having to spend ages on the phone
to their ISP to ask for firewall configuration changes.
Now imagine if there were a standard, widely-implemented system for
letting the customer make those configuration changes themselves...
Let's face it, the ISP's routers are almost certainly remote-manageable
anyway. If the unwanted packets can be blocked at the entrance to the
ISP's network, they can save themselves the bother of having to route a
bunch of traffic. (Although the amount of data you can fire at one
customer is probably peanuts compared to the ISP network capacity.)
Ah well, dream on...
Post a reply to this message
|
|
