Cox Pass-through of DoS attacks?
Connecting to a web page often requires two or three attempts. HTML email often doesn't render without going back and forth between them several times. When this is occurring I found the following (or similar) in the router log:
[DoS Attack: RST Scan] from source: 220.127.116.11, port 16187, Monday, January 31,2022 15:52:29
[DoS Attack: RST Scan] from source: 18.104.22.168, port 1121, Monday, January 31,2022 15:40:17
[DoS Attack: RST Scan] from source: 22.214.171.124, port 25736, Monday, January 31,2022 15:25:31
[DoS Attack: ACK Scan] from source: 126.96.36.199, port 10668, Monday, January 31,2022 14:41:49
In this particular instance, the first three IPs trace to cert.br / registgro.br, servers that refuse to expose all the IPs they control and that appear to be set up for spammers, scammers and dark web use. Therefore COX security should block all communications that originate from IPs belonging to the users of these domains.
The latter one was from a server in San Francisco and so COX should be able to prosecute them under state and federal anti-hacking laws. WHY DON"T THEY? After all COX IS scanning all our OUTGOING web traffic so they can throttle-down the responses from competing streaming services and those who don't pay the fare for favorable treatment when routing through COX servers. Seems like they could easily throttle a DOS attack to 0.