Sponsored

Do ISPs usually log DoS and/or DDoS attacks against customers?

YepFish

Member
If they do, how long do they usually keep these logs for?

Wondering as we suffered an attack a few years ago and reported it to the ISP (sky) though they seemed uninterested at the time.

Wondering more about the general procedure most ISPs would follow in regards to logging attacks, obviously can't know for my specific case etc.

All the answers I have seen so far on other forums have been inconsistent, some saying they don't, some saying the could but usually don't care, some saying they only log attacker IPs for extended periods etc.
 

Mark.J

Administrator
Staff member
ISPreview Team
Technically speaking ISPs, when ordered by a judge, are expected to keep Internet Connection Records (ICR) for 12 months, which are a basic access log of IP addresses, times and dates etc.


If an ISP has been asked to do this, then such logs would also catch attack traffic, although the provider can't easily identify which addresses are relevant to that. Outside that, providers will usually keep basic short-term logs as part of managing traffic that passes over their network.

Under GDPR you can make a request to find out what data an ISP holds, although this may attract a cost, especially if a lot of work is involved in putting all of that together. The courts may also be able to force a release, but there could be limits here, and I'm not sure where the line is drawn.

The big issue for ISPs is that they can't look at such basic logs and say that X detail or IP address is definitely attack traffic, it's never that simple. You'd normally need to identify the attack traffic first, and if you can do that, then what is to be gained from requesting the same data from your ISP? Plus if an ISP knows that certain traffic is malicious then they may block it from ever hitting their network, but again.. it's usually not so simple.

DDoS is particularly tedious because there's often masses of it. The traffic comes from botnets and hijacked computers, which can look just like regular server hits to an ISP.
 
Top
Promotion
Cheapest Superfast ISPs
  • Vodafone £19.50 (*22.50)
    Speed 38Mbps, Unlimited
    Gift: None
  • NOW £20.00 (*32.00)
    Speed 36Mbps, Unlimited
    Gift: None
  • Hyperoptic £20.00 (*25.00)
    Speed 50Mbps, Unlimited
    Gift: Promo Code: ROKUGIFT
  • TalkTalk £21.00 (*29.95)
    Speed 38Mbps, Unlimited
    Gift: None
  • Shell Energy £21.99 (*30.99)
    Speed 35Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Ultrafast ISPs
  • Vodafone £23.50 (*26.50)
    Speed: 100Mbps, Unlimited
    Gift: None
  • Gigaclear £24.00 (*49.00)
    Speed: 300Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: Promo Code: ROKUGIFT
  • Community Fibre £27.50 (*32.50)
    Speed: 200Mbps, Unlimited
    Gift: First 6 Months Free
  • Virgin Media £28.00 (*52.00)
    Speed: 108Mbps, Unlimited
    Gift: None
Large Availability | View All
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Promotion
The Top 20 Category Tags
  1. FTTP (3667)
  2. BT (3044)
  3. Politics (1975)
  4. Building Digital UK (1945)
  5. FTTC (1897)
  6. Openreach (1862)
  7. Business (1717)
  8. Mobile Broadband (1501)
  9. Statistics (1430)
  10. FTTH (1367)
  11. 4G (1295)
  12. Virgin Media (1196)
  13. Fibre Optic (1184)
  14. Wireless Internet (1176)
  15. Ofcom Regulation (1167)
  16. Vodafone (859)
  17. EE (845)
  18. 5G (792)
  19. TalkTalk (781)
  20. Sky Broadband (757)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules