Sponsored Links

Do ISPs usually log DoS and/or DDoS attacks against customers?

YepFish

Member
If they do, how long do they usually keep these logs for?

Wondering as we suffered an attack a few years ago and reported it to the ISP (sky) though they seemed uninterested at the time.

Wondering more about the general procedure most ISPs would follow in regards to logging attacks, obviously can't know for my specific case etc.

All the answers I have seen so far on other forums have been inconsistent, some saying they don't, some saying the could but usually don't care, some saying they only log attacker IPs for extended periods etc.
 
Technically speaking ISPs, when ordered by a judge, are expected to keep Internet Connection Records (ICR) for 12 months, which are a basic access log of IP addresses, times and dates etc.


If an ISP has been asked to do this, then such logs would also catch attack traffic, although the provider can't easily identify which addresses are relevant to that. Outside that, providers will usually keep basic short-term logs as part of managing traffic that passes over their network.

Under GDPR you can make a request to find out what data an ISP holds, although this may attract a cost, especially if a lot of work is involved in putting all of that together. The courts may also be able to force a release, but there could be limits here, and I'm not sure where the line is drawn.

The big issue for ISPs is that they can't look at such basic logs and say that X detail or IP address is definitely attack traffic, it's never that simple. You'd normally need to identify the attack traffic first, and if you can do that, then what is to be gained from requesting the same data from your ISP? Plus if an ISP knows that certain traffic is malicious then they may block it from ever hitting their network, but again.. it's usually not so simple.

DDoS is particularly tedious because there's often masses of it. The traffic comes from botnets and hijacked computers, which can look just like regular server hits to an ISP.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £24.00
132Mbps
Gift: None
Shell Energy UK ISP Logo
Shell Energy £26.99
109Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
145Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £15.00
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £21.00
150Mbps
Gift: £25 Love2Shop Card
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5468)
  2. BT (3505)
  3. Politics (2523)
  4. Openreach (2290)
  5. Business (2251)
  6. Building Digital UK (2233)
  7. FTTC (2041)
  8. Mobile Broadband (1961)
  9. Statistics (1778)
  10. 4G (1654)
  11. Virgin Media (1608)
  12. Ofcom Regulation (1451)
  13. Fibre Optic (1392)
  14. Wireless Internet (1386)
  15. FTTH (1381)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules