Krebs on Security booted off Akamai network after DDoS attack proves pricey

Mark Andrews marka at isc.org
Tue Sep 27 05:14:33 UTC 2016


In message <EAE71BCC-A260-4AED-92D8-AEE614A8134A at arbor.net>, Roland Dobbins writes:
> On 27 Sep 2016, at 11:43, Mark Andrews wrote:
> 
> > Why not?  You call a washing machine mechanic when the washing machine 
> > plays up.  This is not conceptually different.
> 
> Washing machines aren't a utility.  Internet is viewed as a utility.
> 
> > Actually I don't believe that.  They do know what machines they have 
> > have connected to their home network.  Boxes don't magically
> > connect.  Every machine was explictly connected.
> 
> First of all, not every devices was explicitly connected by the user.  
> Think set-top boxes/DVRs.

I'm yet to see a set top box, DVR, TV, games console, phone, etc.
that didn't require selecting the WiFi SSID or require you to plug
in a ethernet cable.  As I said, they don't magically connect to
the network.  Someone did something to permit them to connect.

> Secondly, users connect things an then don't think about them, don't 
> remember credentials, had a horrible ordeal (from their perspective) 
> 
> Thirdly, expecting users to troubleshoot which of their devices is 
> emanating bad traffic is unrealistic.

Which is why there are computer technitions.  If you have a fault
with a fan you call a electrian.  If you have a problem with a
toilet you call a plumber.  Why do you think people are incapable
of calling in someone to help them fix a known issue.

> The only effective consumer remediation efforts we've seen to date have 
> been broadband access ISPs proactively scanning their customer networks 
> and contacting them when exploitable devices and compromised PCs have 
> been found.  Although it's a lot of work, that kind of thing can be done 
> for CPE broadband routers; it can't be done for the things sitting 
> behind those devices, which are doing NAT/firewalling.  The partial 
> exception is PCs, because everyone thinks of those when they think of 
> 'the Internet'.
> 
> And the fact that even their lightbulbs are being connected now - i.e., 
> the huge proliferation of connected devices - militates against user 
> troubleshooting, as well.
> 
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list