In reference to the recent massive distributed denial of service (DDoS) attack on Dyn, some telecommunications industry experts raised the issue of “Net Neutrality” when it comes to blocking suspicious traffic. Their concern is that “…internet service providers don't have a legal framework to block apparently legitimate traffic overloads,” according to an article in FCW magazine.
At a November 8 National Cybersecurity Institute panel Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, said:
“Telecommunications carriers were ready to engage with the Department of Homeland Security about possibly blocking suspect traffic. However, such defensive measures could pose a legal problem because providers don't have liability protections and are obligated by law to continue service.”
Collaboration between the government and private sectors can be helpful, so we at Corero encourage it. We also understand that Net Neutrality is an important and sensitive issue, and that ISPs have a legal obligation to deliver all traffic to their customers. But of course, none of their customers want any “bad” (DDoS) traffic!
Fortunately, we know from our customers’ experience that by using Corero’s anti-DDoS mitigation technology ISPs can detect and block DDoS traffic without impacting good traffic. Our appliance-based DDoS mitigation solution can be deployed at the peering and transit points of an ISP network to effectively block bad (DDoS) traffic—even application layer and multi-vector attacks— at a granular level, while allowing good traffic to pass through. This protects both the ISP’s own network as well as their downstream customers. It’s much easier to deploy DDoS protection at the network edge instead of worrying about whether to consult lawyers about blocking “suspicious” traffic.
Companies like htp GmbH in Germany have deployed Corero's DDoS protection solution. As a result of their Corero implementation, htp has achieved effective protection from all volumetric, application layer and multi-vector attacks; even those lasting less than five minutes, and utilizing only a small amount of bandwidth. Htp can now focus much more clearly on the core business in the future instead of being side-tracked by DDoS defense. Furthermore, ISPs like htp can offer this scalable and precise DDoS protection as an extension of their current service offerings to their customers. It can be a dynamic solution for protecting against DDoS attacks, whereby they only pay for the bandwidth actually used when an attack occurs. In fact, htp is already considering offering a service of this kind because it is attractive for end customers.
For more information, contact us.