Krebs on Security booted off Akamai network after DDoS attack proves pricey
morrowc.lists at gmail.com
Mon Sep 26 23:58:51 UTC 2016
On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka at isc.org> wrote:
> Giving them real time access to the anomalous traffic log feed for
> their residence would also help. They or the specialist they bring
> in will be able to use that to trace back the problem.
wouldn't this work better as a standard bit of CPE software capability?
wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
to present a pretty clear UI to the user?
ip/mac/vendor sending (webtraffic|email|probes) to destination-name
select those you'd like to block [clickhere]
This really doesn't seem hard, to present in a fairly straightforward
manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
similar to this approach... but on the other hand:
"At least my ISP isn't snooping on all my traffic"
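
A sketch of the CPE-side buffer described in the message above, added here as an illustration and not code from the original post or from any CPE vendor. The record fields, the port-to-label mapping and the sample addresses are assumptions, and records are assumed to arrive in time order.

```python
from collections import Counter, deque, namedtuple

# One synthesized flow record; field names are assumptions for this sketch.
Flow = namedtuple("Flow", "ts src_ip src_mac dst_name dst_port nbytes")

RETENTION_S = 30 * 60  # the post's "~30mins" guess, in seconds

# Port-to-label mapping is an assumption; anything else is shown as "probes".
LABELS = {80: "webtraffic", 443: "webtraffic", 25: "email", 465: "email", 587: "email"}


class FlowBuffer:
    """Time-bounded circular buffer of flow records, oldest first."""

    def __init__(self, retention_s=RETENTION_S, max_records=50_000):
        self.retention_s = retention_s
        # maxlen bounds memory on a small CPE even during a flood.
        self.flows = deque(maxlen=max_records)

    def _evict(self, now):
        while self.flows and now - self.flows[0].ts > self.retention_s:
            self.flows.popleft()

    def add(self, flow):
        self.flows.append(flow)
        self._evict(flow.ts)

    def summary(self, now):
        """Rows of (src_ip, src_mac, label, dst_name, flow_count, bytes), busiest first."""
        self._evict(now)
        counts, volume = Counter(), Counter()
        for f in self.flows:
            key = (f.src_ip, f.src_mac, LABELS.get(f.dst_port, "probes"), f.dst_name)
            counts[key] += 1
            volume[key] += f.nbytes
        return [key + (n, volume[key]) for key, n in counts.most_common()]


def demo():
    # Constructed sample: a laptop browsing and a camera sending port-23 traffic.
    buf = FlowBuffer()
    buf.add(Flow(0, "192.168.1.10", "aa:bb:cc:00:00:01", "example.org", 443, 5000))
    for i in range(40):
        buf.add(Flow(600 + i, "192.168.1.20", "aa:bb:cc:00:00:02", "198.51.100.7", 23, 60))
    buf.add(Flow(1900, "192.168.1.10", "aa:bb:cc:00:00:01", "example.org", 443, 7000))
    return buf.summary(now=1900)
```

Each returned row maps onto the "ip/mac sending (webtraffic|email|probes) to destination-name" line a user would tick to block; the laptop's first flow has aged out of the 30-minute window by the time the summary is built.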