Krebs on Security booted off Akamai network after DDoS attack proves pricey

Mark Andrews marka at isc.org
Mon Sep 26 23:49:39 UTC 2016


In message <20160926234142.6E7705515473 at rock.dv.isc.org>, Mark Andrews writes:
> 
> In message <03DC1038-024A-4D9F-AC5B-3E88CDF56246 at cable.comcast.com>, "Livingood, Jason" writes:
> > On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" <on behalf of
> > marka at isc.org> wrote:
> > > A good ISP would be informing their customers that they are seeing
> > anomalous traffic.
> >
> > Therein lies the problem if the traffic does not look anomalous I
> > suppose. But even if it does look unusual, ISPs would be asking consumers
> > to trash/update/turn off a lot of devices in time  like when every home
> > has 10s or 100s of these devices.
> > ISP: Dear customer, looks like one of your light switches is sending spam.
> > Customer: Which one? I have 25 light switches. And 25 smart bulbs. And 3
> > smart TVs, and 3 smart thermostats, and 6 cameras, and
> >
> > ;-)
> >
> > Jason
> >
> 
> Dear customer,
> 	 we are seeing <xxxx> traffic coming from your network.
> 
> If you need help isolating the source of the traffic here are a few
> companies in your city that can help you.
> 
> 	<list of companies>
> 
> This is not a exhaustive list.
> 
> Support
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Giving them real time access to the anomalous traffic log feed for
their residence would also help.  They or the specialist they bring
in will be able to use that to trace back the problem.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list