Death of the Internet, Film at 11
lear at cisco.com
Mon Oct 24 13:22:03 UTC 2016

On 10/24/16 3:06 PM, Ca By wrote:

> Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
> before the needle moves. At which point the target will have morphed
> to something else. Also, nobody is going to pay for that feature. Just
> like the early days of IPv6, the economics were misaligned.

We know of those who are planning to build, so maybe not so much. The
function doesn't NEED to be in CPE, but it helps. And again, the CPE
market is changing right now, so be careful about your assumptions.

> In 10 years, the CPE will also be running PCP, where the bot tells the
> CPE to ignore all of MUD and open any arbitrary port it wants.

One of the hidden villains in these attacks, by the way, is UPnP. The
point is not for the device to self-assert, but for the manufacturer to
assert. Apart from that, PCP actually solves a slightly different
problem. MUD can tackle interior connectivity, which PCP doesn't really
address. And really that's what we need to address reflection attacks.