đŸ±Bad Neighbours in the ISP Landscape | The Unforgivable Oversight of Dirty Traffic đŸ„”

Ronald BartelsRonald Bartels
4 min read

The internet thrives on cooperation, where service providers ensure that their networks play nicely with others. But in South Africa, a growing list of ISPs—with examples being Vodacom, Hero, Afrihost, Cool Ideas, and Vox—are failing at this fundamental principle. Allowing dirty traffic to originate from your network and attack peers isn’t just bad etiquette—it’s reckless mismanagement.

Being a good neighbour in the ISP world isn’t optional; it’s essential for the health of the internet and your own infrastructure. Ignoring this responsibility is a glaring technical inadequacy that raises serious questions about the competence and priorities of these providers.

Here is the analytics from Cloudflare’s RADAR:

What Is Dirty Traffic, & Why Does It Matter?

Dirty traffic refers to malicious packets originating from compromised or misconfigured devices on an ISP's network. These packets can include:

  • DDoS Traffic: Flooding target networks or servers to overwhelm them.

  • Spoofed Packets: Packets with forged headers to disguise their origin.

  • Malware Propagation: Attacks designed to infect other systems across the internet.

When this dirty traffic flows unchecked, it wreaks havoc on peer networks, disrupts global connectivity, and ultimately damages the originating ISP’s own infrastructure.

The Role of ISPs as Guardians

An ISP’s role isn’t just about providing fast connectivity; it’s about safeguarding the ecosystem. Failing to implement basic protective measures like Source Address Validation (SAV) or neglecting the vulnerabilities in their own customer premises equipment (CPE) is inexcusable.

Source Address Validation (SAV)

SAV ensures that packets originating from an ISP’s network are verified against legitimate IPs. This prevents the spoofing of source addresses—a common tactic in DDoS attacks.

CPE Vulnerability Monitoring

Many ISPs provide routers and modems to customers but fail to secure or update them. These devices often become breeding grounds for botnets, contributing to the dirty traffic problem.

When ISPs overlook these responsibilities, they allow compromised devices to flourish, attacking peer networks while also harming their own.

The Reality | Dirty Traffic Hurts Everyone

It’s not just neighbouring peers that suffer. Dirty traffic creates congestion and inefficiencies that degrade the originating ISP’s own network performance.

  • Increased Latency: Malicious traffic clogs pathways, slowing down legitimate data.

  • Overburdened Infrastructure: Firewalls, routers, and switches are strained, causing service disruptions.

  • Reputational Damage: ISPs gain a reputation as untrustworthy, losing business from informed customers.

A Pattern of Negligence in South Africa

The negligence of South African ISPs based on the RADAR data such as Vodacom, Hero, Afrihost, Cool Ideas, Vox, Dimension Data, Infogro and MTN has persisted for far too long. Allowing dirty traffic to attack peers is a sign of mismanagement and a lack of technical foresight. The fact that this has continued unchecked suggests systemic issues:

  • Lack of investment in modern mitigation tools.

  • Inadequate network monitoring to detect and stop malicious activity.

  • A reactive approach to network management instead of proactive safeguards.

For customers on these networks, it’s a wake-up call. Is your ISP providing a robust, secure service—or is it running a Mickey Mouse operation that prioritises cost-cutting over competence?

The Questions Customers Should Be Asking

If your ISP is allowing malicious traffic to originate from its network, here are the critical questions to ask:

  1. What monitoring tools are in place to detect malicious activity?

  2. Are mitigation techniques like SAV and advanced firewalls being used?

  3. How often is customer equipment audited and updated for vulnerabilities?

  4. What steps is the ISP taking to cooperate with peers and ensure stability?

If your ISP can’t provide clear answers, it may be time to reconsider whether they deserve your business.

The Bigger Picture | Protecting the Internet Ecosystem

ISPs have a duty not just to their customers but to the internet as a whole. By failing to control dirty traffic, they jeopardise the stability of the entire ecosystem. It’s time for South African ISPs to step up, invest in proper safeguards, and clean up their networks.

The internet works best when everyone plays their part. Bad neighbours aren’t just hurting their peers—they’re hurting themselves and their customers. If your ISP is one of them, it’s time to demand better.

Further reading about why Vodacom is so dirty:

https://hubandspoke.amastelek.com/when-mtu-problems-turn-an-isp-into-an-unwitting-ddos-suspect
10
Subscribe to my newsletter

Read articles from Ronald Bartels directly inside your inbox. Subscribe to the newsletter, and don't miss out.

internetisp#SouthAfricaddos

Written by

Ronald Bartels
Ronald Bartels

Driving SD-WAN Adoption in South Africa