Krebs on Security booted off Akamai network after DDoS attack proves pricey
cb.list6 at gmail.com
Sun Sep 25 17:27:01 UTC 2016
On Sunday, September 25, 2016, John Kristoff <jtk at depaul.edu> wrote:
> On Sun, 25 Sep 2016 14:36:18 +0000
> > As long as their is one spoof capable network on the net, the problem
> > not be solved.
> This is not strictly true. If it could be determined where a large
> bulk of the spoofing came from, public pressure could be applied. This
> may not have been the issue in this case, but in many amplification and
> reflection attacks, the originating spoof-enabled networks were from a
> limited set of networks. De-peering, service termination, shaming, etc
> could have an effect.
Ok, sorry for the not being exact. I am trying to be practical.
My point is, a lot of access networks will respond to public pressure if
the data is exposed on the offending real ips of the iot crap, and they
will enforce their AUP.
We have seen comcast do just that, on this list a few months back. That
path has legs.
Google also blocks service to certain hacked networks as well, we have seen
that on this list too. That is an interesting angle in the krebs case. Will
google block service to folks sharing ip with the iot ddos mess ?
More information about the NANOG