> On Oct 22, 2016 5:11 PM, "Mark Andrews" <ma...@isc.org> wrote:
> One way to deal with this would be for ISP's to purchase DoS attacks > against their own servers (not necessarially hosted on your own > network) then look at which connections from their network attacking > these machines then quarantine these connections after a delay > period so that attacks can't be corollated with quarantine actions > easily. > > This doesn't require a ISP to attempt to break into a customers > machine to identify them. It may take several runs to identify > most of the connections associated with a DoS provider. Josh Reynolds writes: > > And then what? --- ma...@isc.org wrote: From: Mark Andrews <ma...@isc.org> They get in someone to clean up their network. When they say it is clean you reconnect them. If this happens more often than once a year you charge them a months fees per additional incident. Have the year timer start when reconnect is requested. You give them what data you have to backup the claim. -------------------------------------------------- I invoke randy's "i encourage my competitor's to do this". scott