Home page logo
/

nanog logo nanog mailing list archives

RE: Measured Internet good v. "bad" traffic
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Thu, 28 Aug 2003 11:04:47 +0100 (BST)


On Thu, 28 Aug 2003, David Schwartz wrote:

      The point is that 'usage' is supposed to be 'what you use', not what
somebody else uses. 'My' traffic is the traffic I want, not the traffic you
try to give me that I don't want.

Okay but in Internet terms the receiver usually pays for the traffic without
necessarily initiating it, this is different from everyday experience of
FedEx-ing a parcel or making a telephone call in which it is the sender who
picks up the charge. This isnt really a quesion its more a statement of fact..

      I don't want to avoid it, I just don't want to be charged for what I do not
want.

Which is a natural enough reaction but you dont necessarily get what you want :) 
I cant see any ISP negotiating a transit contract which takes account of 
unwanted traffic, apart from the fact that there is a real cost which has to be 
borne somewhere (I previously suggested if they didnt charge you the Mbs they 
would just increase the $$$s to compensate) its just too complicated from a 
billing point of view to work this out.

      Suppose, for example, my provider's network management scheme pings my end
of the link every once in a while to see if the link is up. Suppose further
this ping made a dent in my bill, so the provider decides to ping more
often, say five times a second with large packets to be *sure* the link is
reliable. Do you seriously think it's reasonable for me to pay for this
traffic?

That would be deliberate on the providers part and I'm sure some lawyer would be 
able to put up a case for fraud.. thats not what we're talking about tho. If it 
was required legitimately that would be different but in which case you could 
make appropriate direct or indirect deductions to your costs.

      There is no limit to how long a DoS attack can last. And your provider has
no incentive to trace/filter if he gets a major profit if he can just make
that attack last a few more hours.

Indeed, and I'd be annoyed if my provider deliberately allowed this to happen,
I'd probably shut down my connection to them and find some relevant contractual
clause before demanding credit or legal action. I cant imagine they'd last too
long doing this to everyone! That said however, my own experience of big
providers (no names but one of whose name has been praised quite a lot recently
on this list) is that their abuse team were completely useless.

      By definition, anything two parties agree to with full knowledge is fair to
both of them. How DoS attacks are handled should be part of the negotiation
of any ISP/customer agreement. However, for many of the contracts I've seen
the contract was silent and ambiguous.

True, but this is the nightmare legal world we're in, DoS attacks have tended 
not to disrupt billing and we assume we wont be charged but you're right, these 
days you have to explicitly mitigate for all possibilities..

      For a 95 percentile agreement, it's reasonable for the customer to take
responsibility for DoS traffic until he makes a request to the provider's
NOC. It's also reasonable for the provider to charge a fixed 'incident fee'
for each attack that requires NOC and network resources. It is not
reasonable for the incentive structure to reward the NOC for doing nothing
and penalize them for any attempt to help.

Sounds like the start for a whole new discussion topic.. :)

Steve


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault