Death of the Internet, Film at 11
rsk at gsp.org
Sat Oct 22 14:46:12 UTC 2016
On Sat, Oct 22, 2016 at 03:22:55PM +0100, Brandon Butterworth wrote:
> Well their addresses are now known so one way would be for each ISP to
> drop traffic from them. If people don't fix them why should these
> devices stay on the net?
Bingo. The manufacturer of these decided to build them as cheaply as
possible in order to maximize profit. They neglected even rudimentary
security and maintenance/update measures. Because they could. Because
they chose to. They thus shifted the burden, and thus the cost,
of running them in a secure fashion onto us.
Yesterday everyone paid that cost.
It's time to shift the cost back. Drop all their traffic and when the
support calls come, tell them that they bought a known-defective device
which is an operational hazard to the network, and refer them to
the manufacturer for replacement/repair/refund.
Note: every other vendor out there who might be tempted to cut corners is
no doubt watching this and trying to gauge whether they can do the same.
More information about the NANOG