Krebs on Security booted off Akamai network after DDoS attack proves pricey

Christopher Morrow morrowc.lists at
Mon Sep 26 23:58:51 UTC 2016

On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka at> wrote:

> Giving them real time access to the anomalous traffic log feed for
> their residence would also help.  They or the specialist they bring
> in will be able to use that to trace back the problem.
wouldn't this work better as a standard bit of CPE software capability?
wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
to present a pretty clear UI to the user?

ip/mac/vendor sending (webtraffic|email|probes) to destination-name

select those youd' like to block [clickhere]

This really doesn't seem hard, to present in a fairly straight forward
manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
similar to this approach... but on the other hand:
  "At least my ISP isn't snooping on all my traffic"

More information about the NANOG mailing list