Security threats Toolkit

ISPs raise the stakes on DDoS attacks

Dan Ilet ZDNet.co.uk

Published: 30 Nov 2004 12:45 GMT

Internet service providers have hit back at claims they should be doing more to prevent denial-of-service attacks.

Security heads for BT and Cable and Wireless said that they can protect their customers from the attacks, but that they will not provide the service for free.

"Why should ISPs do something?" said John Regnault, head of security technology for BT. "It's very much as if people want something for nothing. This noise is superfluous and silly."

Regnault said that BT took DDoS attacks seriously for its customers and because it was a large ISP, it stood a better chance of defending from the attacks than smaller providers. He said that defending from DDoS attacks was a matter of customers paying for security.

"It is a question of what a customer is prepared to buy," he added. "There are a number of BT customers who are very happy with the DDoS defence. Perhaps if you are not prepared to pay that, you would jump up and down and say it's the duty of the ISP to do it. Perhaps I would say that it's time to change ISP."

Director of incident response for Cable and Wireless Richard Starnes agreed that customers should pay for DDoS protection.

"We get put into this position that ISPs should do more to promote anti-spam and antivirus," said Starnes. "We should do, but we're going to charge for it. We're a business and we have to support our shareholders and keep our employees in jobs. We're not going to do that by giving our services away for free."

Earlier this month Richard Clarke, the former cybersecurity advisor to the White House, called for ISPs to do more in protecting their customers. But Starnes said this was a general comment.

"It's kind of a blanket statement," he said. "We have responded to customer attacks and we've been instrumental [in defending] from them."