Sunday, December 20, 2015

DOS/DDOS protection and EU regulations.

Some time ago I sent a question to the EU about DOS/DDOS protection because I believe ISPs could do a bit more to protect us:

Dear Sirs,

I found that you are responsible for creating a safe, reliable Internet. As you know, most EU companies have already had, or will have, problems with hackers. One of the attacks is commonly known as a Denial of Service Attack or Distributed Denial of Service Attack (DOS, DDOS). 15 years ago a document was published, known as Best Current Practice 38 (BCP 38 or RFC 2267). I don't know why it has not been widely implemented by ISPs during the last 15 years. They complained it is very time-consuming and difficult to manage. Let me explain how it works:

- every company or home user has an IP address or a range of IP addresses allocated by the ISP (for example
- every edge router is managed by the same ISP that allocates these IP addresses
- BCP 38/RFC 2267 says: block any traffic from a network (company or home) where the source IP is different from the allocated one
- with this rule the user is not able to perform a DDOS attack because the first ISP router will drop it (during such attacks the attacker spoofs his own IP, and with this configuration all such traffic will be denied on the 1st ISP router)
- it doesn't protect all of the EU against attacks, as they originate from different parts of the world, but we can stop most of those which originate in the EU
- there is one limitation: the network can't be transit (other institutions/companies pass traffic through this one), but for all stub networks, single-homed users (with only one ISP), it is pretty easy.

I think that only an EU regulation would force, oblige them (ISPs) to implement it widely. The last 15 years proved that without any regulation they are not interested in doing it. Another possible problem is the conflict of interest, as ISPs can sell very expensive DDOS/DOS protection. Such a regulation means less revenue.

I don't know exactly if I sent this message to the correct people. If not, please forward it to them. I hope it will help us to have a safe Internet.
I couldn't find Bodo Lehmann's and Günther Oettinger's email addresses; maybe one of them is the right person.

Thank you
Hubert Wisniewski
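The filtering rule the letter describes (drop anything arriving on a customer interface whose source address lies outside the prefixes allocated to that customer, and leave transit interfaces alone) as an added simulation in Python; this is not code from the original post, and the interface names, prefixes and packets are constructed for illustration:

```python
"""BCP 38 ingress-filter simulation (constructed example, not the post's code)."""
from ipaddress import ip_address, ip_network

# Constructed allocation table: ISP edge interface -> prefixes allocated to the
# single-homed customer behind it. Transit interfaces are deliberately absent,
# because the letter's rule only applies to stub (non-transit) networks.
ALLOCATIONS = {
    "eth1": [ip_network("203.0.113.0/24")],   # SMB customer with one /24
    "eth2": [ip_network("198.51.100.8/29")],  # home user with one /29
}


def ingress_allowed(iface, src):
    """True if src is a source address the customer on iface may legitimately use.

    Interfaces with no allocation entry are treated as transit and passed
    unfiltered, which is the limitation the letter points out.
    """
    prefixes = ALLOCATIONS.get(iface)
    if prefixes is None:
        return True
    return any(ip_address(src) in prefix for prefix in prefixes)


def filter_packets(packets):
    """Split (iface, src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        (forwarded if ingress_allowed(iface, src) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic; the two marked eth1 packets carry forged sources,
# which is exactly what the first ISP router should discard.
SAMPLE = [
    ("eth1", "203.0.113.10", "192.0.2.1"),
    ("eth2", "198.51.100.9", "192.0.2.1"),
    ("eth1", "198.51.100.9", "192.0.2.1"),  # spoofed: belongs to another customer
    ("eth1", "192.0.2.200", "192.0.2.1"),   # spoofed: not allocated by this ISP
    ("eth3", "10.0.0.5", "192.0.2.1"),      # transit interface: not filtered
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE)
    for iface, src, dst in drop:
        print(f"DROP {iface}: src {src} outside allocation (dst {dst})")
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
```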

They sent me a response with some arguments I can't agree with:

I replied with my counter-arguments:

Dear All,
thank you for your response, but I can't understand some of your arguments. I understand that privacy is very important, but please look at traffic with a spoofed source IP as driving your car with fake number plates. You should use the original ones, but for some reason you have fake ones. Should we interfere in such matters? Of course the solution is valid only for home and SMB users with one Internet link (not for multihomed users) [and transit networks - I should add]

Let's see what they say.

