Krebs on Security booted off Akamai network after DDoS attack proves pricey

Jared Mauch jared at
Tue Sep 27 12:20:22 UTC 2016

> On Sep 26, 2016, at 7:58 PM, Christopher Morrow <morrowc.lists at> wrote:
> On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka at> wrote:
>> Giving them real time access to the anomalous traffic log feed for
>> their residence would also help.  They or the specialist they bring
>> in will be able to use that to trace back the problem.
> wouldn't this work better as a standard bit of CPE software capability?
> wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
> and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
> to present a pretty clear UI to the user?
> ip/mac/vendor sending (webtraffic|email|probes) to destination-name
> [checkbox]
> <repeat>
> select those you'd like to block [clickhere]
> This really doesn't seem hard, to present in a fairly straightforward
> manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
> similar to this approach... but on the other hand:
>  "At least my ISP isn't snooping on all my traffic"

The UBNT Edgerouter series has this.  You can get fancy graphs and application

Scroll down and check the images:

You can see the hosts that are doing traffic and the destinations.

They even have a model that takes a SFP so you can use it as CPE for FTTH.

- Jared
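
The circular-buffer idea quoted above, sketched as an added Python example; it is not from the thread or from any CPE vendor's code. The class and function names, the port-to-category mapping, the probe fan-out threshold and the sample flows are all assumptions made for illustration.

```python
from collections import deque, defaultdict

RETENTION_S = 30 * 60          # the "~30mins" guess from the thread
PROBE_FANOUT = 20              # assumed threshold: distinct destinations per (host, port)
PORT_CATEGORY = {80: "webtraffic", 443: "webtraffic",
                 25: "email", 465: "email", 587: "email"}  # assumed mapping

class FlowBuffer:
    """Time-bounded circular buffer of flow records kept on the CPE."""

    def __init__(self, retention_s=RETENTION_S):
        self.retention_s = retention_s
        self.flows = deque()   # (ts, src_ip, src_mac, dst, dport, nbytes), oldest first

    def add(self, ts, src_ip, src_mac, dst, dport, nbytes):
        self.flows.append((ts, src_ip, src_mac, dst, dport, nbytes))
        self._evict(ts)

    def _evict(self, now):
        while self.flows and self.flows[0][0] < now - self.retention_s:
            self.flows.popleft()   # record is older than the retention window

    def summary(self, now):
        """Return rows of (src_ip, src_mac, category, dst, flows, bytes) for the UI."""
        self._evict(now)
        fanout = defaultdict(set)
        for _, ip, mac, dst, dport, _ in self.flows:
            fanout[(ip, dport)].add(dst)
        rows = defaultdict(lambda: [0, 0])
        for _, ip, mac, dst, dport, nbytes in self.flows:
            if len(fanout[(ip, dport)]) >= PROBE_FANOUT:
                cat, dst = "probes", f"{len(fanout[(ip, dport)])} hosts on port {dport}"
            else:
                cat = PORT_CATEGORY.get(dport, "other")
            row = rows[(ip, mac, cat, dst)]
            row[0] += 1
            row[1] += nbytes
        return sorted((k + tuple(v) for k, v in rows.items()),
                      key=lambda r: r[-1], reverse=True)


def demo():
    # Constructed sample flows (documentation address ranges, made-up MACs).
    buf = FlowBuffer()
    buf.add(0, "192.168.1.10", "02:00:00:00:00:0a", "198.51.100.7", 443, 5000)  # ages out
    buf.add(1700, "192.168.1.10", "02:00:00:00:00:0a", "example.net", 443, 42000)
    for i in range(25):  # one LAN host touching 25 destinations on a single port
        buf.add(1800 + i, "192.168.1.50", "02:00:00:00:00:32", f"203.0.113.{i}", 23, 60)
    return buf.summary(now=1900)
```

Each returned row corresponds to one line of the proposed UI; a vendor column would need an OUI lookup on the MAC, which is left out here.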
