IoT security, was Krebs on Security booted off Akamai network

Rich Kulawiec rsk at
Mon Oct 10 16:48:11 UTC 2016

On Sun, Oct 09, 2016 at 04:47:30PM -0400, bzs at wrote:
> But I well remember proposed spam mitigations back in 2000 being just
> as forcefully shot down because IT WOULD TAKE A DECADE TO IMPLEMENT
> THAT!!!

I remember that.  I also remember the dire predictions that it would
take a decade...which it wouldn't have.

The problems we face today, including spam, DoS attacks, spoofing,
IoT-sourced attacks, etc., have the same easy-to-implement fixes:
it's just there exists no collective will to implement those fixes.

Consider: everyone who is paying attention to their logs knows that
AWS is a systemic/chronic source of spam, SSH brute-force attacks, etc.
I don't think Amazon is actively hostile, I just think that they're
incompetent, lazy, and cheap -- too incompetent, lazy, and cheap
to even cover basics like having a fully-functional [email protected] address,
which is something everyone learns in the first hour of the first
day in Network Administration 101.

This has gone on for *years*.   But if everyone on this list
simultaneously decided to stop accepting packets from AWS, I guarantee
you that it would receive attention within hours.  It might not be
completely fixed by close-of-business that day, but it would not
be the same operation doing the same things.

And by the end of that day, we would all be better off - including
Amazon, although they may not realize it or want to admit it.

The same is true for many other kinds of attacks/abuses from many
other sources.  Either their hostile behavior is the result of
deliberate intent (in which case of *course* they should be blocked)
or it's the result of negligence (in which case their attention
will be pointedly drawn to it).

If you want someone to take action, stop letting it be your problem
and make it THEIR problem.

Or we can all continue to gripe about it for another decade and
spend another $500M on equipment, software, services, and personnel
as we try to solve other peoples' problems at our own expense.


More information about the NANOG mailing list