Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bad Behavior on the 'Net - Who Pays the Bandwidth Bill?

Posted by Cliff on from the stuff-to-talk-about dept.

rakolam asks: "I am involved with network management in the hosting department of a fairly large ISP. Constantly we have customers who dispute inbound bandwidth spikes and demand service credits on their burstable connections. Events such as the Slammer Virus literally have everyone knocking on their salesperson's door at the end of the billing cycle. My position is that the internet is a public space, and by placing themselves in that space, one has to realize the consequences (and the implications of burstable billing). I'd like Slashdot's perspective on this. Should ISP's ultimately eat the costs of malicious behavior? Is the customer ultimately responsible for the bandwidth they've generated, regardless if it's desired or not? Is this a new frontier for insurance companies?"

9 of 595 comments (clear)

  1. Charge on sent traffic. by FirstManOnMoon · · Score: 5, Interesting

    Every ISP should base charges only on how much traffic you send. That would give people a real incentive to keep their systems patched and secured. You wouldn't have to pay a ridiculous amount if you're on the receiving end of a DOS. You would have to pay if your systems get hacked or catch a worm though.

    Alas, unless every ISP participated, this model wouldn't work well.

  2. Simple policy by cybermace5 · · Score: 5, Interesting

    Keep up to date on current worms and other bandwidth threats. Notify your customers about these threats, and provide information on how to eliminate or reduce the impact.

    Any massive bandwidth they log after that, is their responsibility. You notified them, and they did not listen.

    After a few incidents like that, they will start to listen to your warning messages.

    --
    ...
    1. Re:Simple policy by Croaker · · Score: 5, Interesting

      Err... the problem is customers are billed by the ISP for incoming bandwidth. How is a customer supposed to stop incoming packets from some pinhead's server that got itself infected with some virus? Is the ISP allowing them to setup a firewall outside the ISP to block this stuff? If not, then saying 'hey, there are some nasty viruses going around' is pretty much beside the point. There's nothing the customer can do to block those incoming packets before they are charged for them by the ISP.

      This is a thorny issue. The real answer is that the twit whose server got owned and is spewing garbage out on the net should be responsible for paying. But enforcing that is going to be a problem.

    2. Re:Simple policy by ADRA · · Score: 5, Interesting

      Here is a 'simple' policy as an ISP.

      If you are hosting business internet lines give the customers 2 options.

      1. Wide open internet. Nothing is filtered on the ISP end, as it stands today, and the customer is 100% liable for ANY traffic circulating between the internet and the customer, solicited or not.

      2. Abuse Managed Internet. Charge a fee to the customer per month, which get the customer:
      - Any abuse, aka DOS attempts removed from the monthly bandwidth
      - The ISP will filter abuse attempts before they occur, so if there is a code red floating around, allow a transparent proxy / firewall throw the packets away before it causes your customers harm.
      The trade off for the customer is more assured price, and quality of service for the price of flexability and a nominal charge.

      --
      Bye!
  3. Re:In other words by unicron · · Score: 5, Interesting

    I've always wondered about that. If you had your business on the net, and /. linked to it, causing it to go down, would /. be liabel? Assume the following before replying:

    */. did NOT warn the page
    *The page in question NEVER receives the amount of traffic necessary to bring it down.
    *Let's assume it happened on a Saturday, when they had minimal support
    *The company can PROVE they lost revenue. /. can't really play dumb, they HAVE TO know the /. effect is going to be too much for a page. It can almost be called a DoS attack at this point.

    --
    Finally, math books without any of that base 6 crap in them.
  4. Monitoring and Opting Out by pbryan · · Score: 5, Interesting

    My previous employer was unfortunate enough to be attacked by a series of distributed ICMP ping flood attacks. Our bill jumped from under $1K per month (Canadian) to over $10K in less than a day.

    We adjusted our monitoring process to detect these spikes early and contact our ISP to deny traffic from the offending subnets. Luckily, our ISP was willing to do this, even though they still incurred traffic from inbound packets. Luckily, these attacks originated from a few subnets that could be isolated.

    As a further kludge, we eventually disabled ICMP altogether on our routers, and lived without ping and traceroute.

    Having a host on the net is a risky proposition. You pay for inbound and outbound traffic, regardless of the source, packet type, or quantity. DDoS attacks can not only prevent your server from being accessable, they could literally bankrupt you if you become a target and don't take preventative measures.

    Hmm... One click bankruptcy. I wonder if anyone has tried to patent this yet...

    Our ISP was technically capable of detecting and thwarting various attacks. Ultimately, the policy of monitoring and contacting an ISP when traffic exceeds a certain threshold seems like a workable solution for average co-locaters.

    Given the architecture of the Internet, it's difficult to see how we could shift the burden to pay away from the server to the client. It seems like a problem remarkably similar to the problem of spam.

    --

    My car gets 40 rods to the hogshead, and that's the way I likes it!

  5. Re:analogous to water/electric company IMHO by jgerman · · Score: 5, Interesting
    No but what I do expect is to be able to set a turn off point for my site when bandwidth goes too high. Here's a for instance. I wasnted to put up a smallish site at WazooWeb (yes I actually clicked on a /. banner) for 6.95 a month it didn't seem like a bad deal, and 10GB of bandwidth seems more than enough. But what if I get /.'ed, or something equally remote happens that blows me over the limit. I want a way to say, once I'm at my limit shut me down for the month, unless I explicitly come in and say go ahead... I'll take the extra charges. It's not like I even want it on be default, I'm perfectly ok with setting the threshold myself.


    Of course my small scale situation may not translate to a large business account.

    --
    I'm the big fish in the big pond bitch.
  6. Just like in real life by raarts · · Score: 5, Interesting

    Suppose you live on a crosspoint of several countries. Your house happens to be located in a dangerous curve on the road. Also for some reason your house looks to some kiddies like it asks to be vandalized.

    For these reasons you get a lot of breakin attempts, occasionally a truck crashes through your walls. All this is not only by people from your own country, but from neighbouring countries as well.

    You install warning lights and other measures so cars and trucks don't come in crashing. You call the police when kiddies vandalize your home, but they says they can't do anything.

    All this costs you a lot of money and headaches.

    In real life there are several ways to defend yourself:

    • taking your own safety measures as can reasonably be expected from a houseowner
    • get insured for the unexpected
    • trust the police the catch criminals
    • trust international law enforcement for border-crossing crimes

    Now apply these principles to your hosting server.

    • Of course you should take every precaution within reason to prevent your server from being hacked (keep it up to date folks)
    • Get an insurance for unexpected costs. I'll bet insurance companies could do well here
    • Trust the cops for catching the script kiddies and real criminals. Alas, the police is hopeless understaffed and low on resources for these new crimes. Also legislation is lagging behind
    • International laws? Don't count on it. Same as above, but worse.

    Suppose your house is rented. Is the person renting you the house responsible for every breach? Did he warn you before you signed the contract? Is it his responsability to call you every time some vandals are passing on the road? Or some truck may crash into your home?

    Of course your ISP can warn you for every threat that may be coming, but what if there's no warning time? Or he misses a small thing that happens to affect your server bigtime? Is the ISP really responsible?

    Be careful out there...

  7. Hrm by pclminion · · Score: 5, Interesting
    Well, here's the scenario people seem to be putting forth:

    ISP A has customer X. ISP B has malicious user Y. Malicious user Y sends huge quantities of packets to user X.

    The question seems to be, should ISP A eat the cost, or should customer X eat it? Why the hell are those the only two options?! It seems to me like ISP *B* should eat the cost, since the malicious packets were sent through their network in the first place. ISP B can attempt to recover their loss directly from malicious user Y.

    The ISP *and* the customer are both victims in a DOS attack. Whoever runs the network which *initiated* the attack should be responsible.