Spitballing IoT Security

Mel Beckman mel at beckman.org
Thu Oct 27 01:44:27 UTC 2016

People under appreciate the power of a million-strong IoT bot net. Just a few K per second from each bot becomes gigabits per second at the target. 


> On Oct 26, 2016, at 4:41 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> In message <CAF-Wqd5sO0x5muw6uPDxMXd+h1ebCCtL9Ke9uMEc7k364OfHLA at mail.gmail.com>
> Ken Matlock <matlockken at gmail.com> wrote:
>> - End users need to have ways to easily see what's going on over their
>> local networks, to see botnet-like activity and DDoS participation (among
>> other things) in a more real-time fashion
> This is an interesting point.
> I'm not actually an ISP guy, although I do play one on TV.  Anyway,
> I hope nobody will begrudge me if I make a couple of brief points,
> and then ask a rather naive question.
> Point:  I have a DSL line which is limited to 6Mbps down and 756Kbps up.
> My guess is that if any typical/average user is seen to be using more
> than, say, 1/10 of that amount of "up" bandwidth in any one given 10
> minute time period, then something is really really REALLY wrong.
> Point:  I am already signed up with various services which will send me
> automated emails whenever certain events occur, e.g. when the price of
> 2TB WD Black drives falls below my personal threshold value.
> Point:  My ISP knows my email address.
> Question:  Could ISPs set something up so that each customer broadband
> line is continuously and individually monitored, and so that an automated
> email would be automagically dashed off to the customer if that customer's
> "up" bandwidth in some time period exceeded a value which, for that ISP,
> is deemed "reasonable"?  (I envision the hypothetical email messages in
> question would consist of a non-threatening warning to the customer which
> would include a link to a web page where there would be a list of common
> things end-lusers should check for in such circumstances, along with
> detailed and clear instructions for how to check for each, and also a
> "don't ever bother me with these warnings again" checkbox, and perhaps
> even a friendly slider where the end-luser could adjust his personal
> warning threshold value, for the future.)
> Of course, any ISP that desperately -never- wants to receive -any- end-
> luser support calls quite certainly won't like this scheme.  But I'm not
> sure that that fact alone would utterly disqualify the idea from being
> useful in some contexts.
> The real question is:  Is anything even remotely along these lines even
> possible with existing commonly used ISP infrastructure?  (If not, then just
> forget I mentioned it.)
> Regards,
> rfg
> P.S.  One possible big advantage to the kind of system described above is
> that if an ISP received a complaint about a given customer, alleging that
> the customer is running a bot, then the ISP could go and look at the
> warning settings for that customer.  If that's already been set to
> "don't ever bother me', then the ISP can disconnect the customer, and
> when the customer inevitably saquaks about that, the ISP can respond and
> say "We told you so."

More information about the NANOG mailing list