Contributor

DDoS & ISP's

DDoS attacks...

Can ISP's like TW determine whether a device that wants to connect is infected or unprotected?  If so, could the ISP reject the connection from unprotected or infected devices?

Lead Moderator

Re: DDoS & ISP's

We are able to detect activity that is abnormal or that resembles a Bot.  We do disable modems that display activity that is typically caused by an infected or compromised computer.

 

TWC Bot Help has some steps you can take and some tools to help. These tools are optional; you may use whatever you like to take care of the issue.

 

If you have further questions please feel free to contact us directly at TWC_ForumsHelp

 

Regards,
Julia R.
^TWC-Social Media Customer Care
Moderator-Community Forums

Sharer

Re: DDoS & ISP's


@ccr67 wrote:

DDoS attacks...

Can ISP's like TW determine whether a device that wants to connect is infected or unprotected?  If so, could the ISP reject the connection from unprotected or infected devices?


Business/Enterprise networks are usually configured that way but not ISPs.

 

ISPs can and do, however, detect suspicious traffic and will notify you if you're infected with a botnet or you're violating DMCA.

 

You don't rely on your ISP for security, if that is what you're getting at.  Did you have security concerns?

Contributor

Re: DDoS & ISP's

Well, we've seen the terrible potential damage that can result to our connected lives when bots are unleashed on our infrastructure.  I'm just wondering whether ISP's have (or could have) the technical ability to keep unprotected and/or infected devices from having access to where they can participate in DDoS attacks against anything.

 

And one more (forum) question...  I keep seeing a big RED rectangle pop up above my post that says there is some authentication problem with me or my post - says "Authentication Ticket missmatched".  The red warning just comes and goes.  I am signed in, btw.  So what's with the red warning?  

Expert

Re: DDoS & ISP's

There's better protection on email by anti-spammer listing services like Spamhaus, and little to none by ISPs on IP-to-IP phishing, DDoS and malware attacks.

 

Sharer

Re: DDoS & ISP's

The session was ended and a new one established and it doesn't match the prior logged in one.

 

This will happen if, for instance, your IP changes or if the session is disconnected and times out.

 

If you're multi-homed (have more than one IP connection/ethernet connection on your computer), Windows will have a fit and not handle it well.  Do you have more than one network connection on that computer?

Contributor

Re: DDoS & ISP's

"Do you have more than one network connection on that computer?"

 

I'm a home user with nothing complicated as to network.  I'm on a desktop W10 64bit PC connected to the TW cablemodemrouter via ethernet cable.  I didn't even know that one could have more than one network connection.  I've been on this forum many times over the last year but I've never seen the red Authentication thing before today.

 

But as to my main question...

I'm really wanting to know whether ISP's like TW could stop these DDoS attacks from ever happening by not letting unprotected/infected devices ever connect to ISP's in the first place.  Could ISP's be REQUIRED by regulation to reject risky devices?  Or could the bots simply do their damage without ever even connecting to ISP's?  Just wondering....

 

Sharer

Re: DDoS & ISP's

"Can" and "should" are very different things.   "Can"?  Yes.  "Should"?  No.  Unless you want TWC to configure and control your computer...and we see that process doesn't always go smoothly with just the cable modem.

 

The equitable middle-ground is to detect the traffic after it starts and 1) halt it and 2) gather forensic evidence for fix/warning/prosecution.  Pragmatically speaking, we can only mitigate damage, not prevent it completely.

 

Additionally, a DDoS attack doesn't always come from within the network.

 

Having been a government employee and still having to use government systems (gov't is awful with tech...I mean absolutely horrible...and a big PITA to use with LESS security than the commercial industry) and given the big disappointment the FCC is, we really do not want to seek government mandates on this.

 

Besides, what is a "risky device"?  

 

There are no risky devices, only risky users.

Contributor

Re: DDoS & ISP's

I typed out a long reply and tried to post it, but that "Authenticate Ticket" thing popped up again and it failed to post my post, and I don't know where to find what I typed.  I did reboot this morning and I do not know how to make this "Authenticate Ticket" problem go away.

Same PC, same userid, logged in - don't know how to fix this new problem with the forum.

If you do, please tell me how.

Sharer

Re: DDoS & ISP's

Does another browser--preferably one you have never used to browse this forum--do it also?

 

If it doesn't, clear the problem browser's cache.  If that doesn't do it, delete the timewarner cookies.