On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote: > * Tom Beecher: > > Simon's getting screwed because he's not being given any information to try > > and solve the problem, and because his customers are likely blaming him > > because he's their ISP. > > We don't know that for sure. Another potential issue is that the ISP > just cannot afford to notify its compromised customers, even if they > were able to detect them.
I'd like to think that we're pretty responsive to taking our users offline when they're compromised and we're made aware of it - either through our own tools, or through 3rd party notifications. The process with Sony goes something like: - User reports they can't reach PSN - We report the Sony/PSN, they say "Yes, it's blocked because that IP attacked us" - We say "Okay, that's a CGNAT public IP, can you help us identify the which inside user that is - (timestamp,ip,port) logs, or some way to identify the bad traffic so we can look for it ourselves" - Sony say no, either through silence, or explicitly. - We have unhappy user(s), who blame us. Simon