> William Herrin > Sent: Tuesday, August 25, 2020 4:20 PM > > On Tue, Aug 25, 2020 at 4:15 AM Douglas Fischer > <[email protected]> wrote: > > a) Should an ISP block that Kind of traffic? > > Hi Douglas, > > Generally speaking the answer is NO, You should not presume that your > understanding of your customers' data traffic is sufficiently complete or > correct to make blocking decisions for them. > Agree, but there are less invasive options as well like rate limiting or comb rate-limiting (i.e. rate-limiter per address range).
> > b) Should a Transit Provider block that Kind of traffic? > > Preemptively? Never. If I found my business transit provider was doing this, > I'd treat it as a breach of contract. > Agree, but again one can still do proactive rate limit based on historical data (to address the hit and run type of attacks -that exploit the reactive application of filters). adam
