If your iSCSI network traffic can be impacted by an Internet-based DDoS, your network architect is an idiot.

yep, sounded like they shared switches between public and iscsi lans, or worse.

Re: pure magic: perhaps the SAN is willing to talk to whoever sends it packets, and/or to be administered by whoever can enter admin:admin into a poorly-secured web interface as soon as it loses the appropriate connection/reboots due to overload/..?

I agree with my sibling comment that this seems an odd way to install a SAN.