Krebs on Security booted off Akamai network after DDoS attack proves pricey

Christopher Morrow morrowc.lists at gmail.com
Mon Sep 26 23:58:51 UTC 2016


On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka at isc.org> wrote:

>
> Giving them real time access to the anomalous traffic log feed for
> their residence would also help.  They or the specialist they bring
> in will be able to use that to trace back the problem.
>
>
wouldn't this work better as a standard bit of CPE software capability?
wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
to present a pretty clear UI to the user?

ip/mac/vendor sending (webtraffic|email|probes) to destination-name
[checkbox]
<repeat>


select those you'd like to block [clickhere]

This really doesn't seem hard, to present in a fairly straightforward
manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
similar to this approach... but on the other hand:
  "At least my ISP isn't snooping on all my traffic"
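
The CPE-side idea in the message above, sketched as an added example (not part of the original post or of any CPE firmware): a time-bounded buffer of flow records rolled up into the ip/mac/vendor, category and destination rows the UI would list. The port-to-category map, vendor table, flow fields and sample flows are all constructed for illustration.

```python
from collections import Counter, deque
from dataclasses import dataclass

WINDOW = 30 * 60  # seconds; the "~30mins" guess from the post
# Constructed lookup tables, crude on purpose; a real CPE would ship fuller ones.
CATEGORY = {80: "webtraffic", 443: "webtraffic", 25: "email", 587: "email", 23: "probes"}
VENDORS = {"ac:de:48": "ExampleCam", "00:11:22": "ExampleLaptop"}

@dataclass(frozen=True)
class Flow:
    ts: int          # flow end time, seconds
    src_ip: str
    src_mac: str
    dst_name: str    # assumed: the CPE saw the DNS answer for this destination
    dst_port: int
    packets: int

class FlowWindow:  # flow records for the last WINDOW seconds, memory-capped
    def __init__(self, max_records=50_000):
        self.records = deque(maxlen=max_records)  # oldest dropped first when full

    def add(self, flow):
        self.records.append(flow)
        self.expire(flow.ts)

    def expire(self, now):
        # Records arrive in time order, so expired ones are always at the left.
        while self.records and self.records[0].ts < now - WINDOW:
            self.records.popleft()

    def rows(self, now):
        """One UI row per (device, category, destination), busiest first."""
        self.expire(now)
        totals = Counter()
        for f in self.records:
            vendor = VENDORS.get(f.src_mac[:8].lower(), "unknown")
            category = CATEGORY.get(f.dst_port, "other")
            totals[(f.src_ip, f.src_mac, vendor, category, f.dst_name)] += f.packets
        return [key + (pkts,) for key, pkts in totals.most_common()]

def demo_rows():
    cam, laptop = ("192.168.1.50", "AC:DE:48:00:00:01"), ("192.168.1.10", "00:11:22:00:00:02")
    w = FlowWindow()
    for f in [Flow(0, *cam, "old.example", 23, 5),        # ages out of the window
              Flow(1000, *cam, "scan-target.example", 23, 400),
              Flow(1200, *laptop, "mail.example", 587, 20),
              Flow(1900, *cam, "scan-target.example", 23, 600),
              Flow(2000, *laptop, "www.example", 443, 90)]:
        w.add(f)
    return w.rows(now=2000)
```

Each returned row maps onto one checkbox line of the UI described above; acting on a selection (the block step) is outside this sketch.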


