Krebs on Security booted off Akamai network after DDoS attack proves pricey

Roland Dobbins rdobbins at arbor.net
Tue Sep 27 04:56:04 UTC 2016


On 27 Sep 2016, at 11:43, Mark Andrews wrote:

> Why not?  You call a washing machine mechanic when the washing machine 
> plays up.  This is not conceptually different.

Washing machines aren't a utility.  Internet is viewed as a utility.

> Actually I don't believe that.  They do know what machines they have 
> connected to their home network.  Boxes don't magically
> connect.  Every machine was explicitly connected.

First of all, not every device was explicitly connected by the user.  
Think set-top boxes/DVRs.

Secondly, users connect things and then don't think about them, don't 
remember credentials, had a horrible ordeal (from their perspective) 
connecting said devices and then promptly forgot how to administer them.

Thirdly, expecting users to troubleshoot which of their devices is 
emanating bad traffic is unrealistic.

The only effective consumer remediation efforts we've seen to date have 
been broadband access ISPs proactively scanning their customer networks 
and contacting them when exploitable devices and compromised PCs have 
been found.  Although it's a lot of work, that kind of thing can be done 
for CPE broadband routers; it can't be done for the things sitting 
behind those devices, which are doing NAT/firewalling.  The partial 
exception is PCs, because everyone thinks of those when they think of 
'the Internet'.

And the fact that even their lightbulbs are being connected now - i.e., 
the huge proliferation of connected devices - militates against user 
troubleshooting, as well.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


