Spitballing IoT Security
Roland Dobbins
rdobbins at arbor.net
Fri Dec 2 11:28:51 UTC 2016
On 30 Oct 2016, at 7:32, Ronald F. Guilmette wrote:
> you don't need to be either an omnious "state actor" or even SPECTER
> to assemble a truly massive packet weapon.
I agree:
<https://www.arbornetworks.com/blog/asert/how-to-become-an-internet-supervillain-in-three-easy-steps/>
;>
> Two kids with a modest amount of knowledge and a lot of time on their
> hands can do it from their mom's basement.
And indeed have done so, many times.
The *entire purpose* of Mirai is DDoS-for-hire - it's a foundation for
so-called 'booter/stresser' services. So, the various articles about
how these botnets 'might' be for sale are uninformed - they're *for
rent*, that's their raison d'être.
And renting them is cheap. The economic and resource asymmetries highly
favor the attackers.
All the speculation about how 'state actors' are somehow 'learning how
to take down the Internet' is equally uninformed. State actors already
know how to do this, they don't need to 'learn' or 'test' anything.
DDoS attacks are the Great Equalizer; when it comes to DDoS,
nation-states are just another player.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list