Krebs on Security booted off Akamai network after DDoS attack proves pricey
jared at puck.nether.net
Tue Sep 27 12:20:22 UTC 2016
> On Sep 26, 2016, at 7:58 PM, Christopher Morrow <morrowc.lists at gmail.com> wrote:
> On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka at isc.org> wrote:
>> Giving them real time access to the anomalous traffic log feed for
>> their residence would also help. They or the specialist they bring
>> in will be able to use that to trace back the problem.
> wouldn't this work better as a standard bit of CPE software capability?
> wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
> and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
> to present a pretty clear UI to the user?
> ip/mac/vendor sending (webtraffic|email|probes) to destination-name
> select those you'd like to block [clickhere]
> This really doesn't seem hard, to present in a fairly straightforward
> manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
> similar to this approach... but on the other hand:
> "At least my ISP isn't snooping on all my traffic"
The UBNT Edgerouter series has this. You can get fancy graphs and application
Scroll down and check the images:
You can see the hosts that are doing traffic and the destinations.
They even have a model that takes a SFP so you can use it as CPE for FTTH.
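
The CPE-side flow log proposed in the quoted message above (flow records held for about 30 minutes in a circular buffer and summarised per sending host), as an added Python example that is not from this thread or from any router firmware. The record fields, the port-to-label mapping, the fan-out threshold and the sample records are assumptions constructed for illustration; the vendor lookup from the MAC is left out.

```python
from collections import Counter, deque
WINDOW = 30 * 60  # seconds; the "~30mins" guessed at in the thread
# Assumed port-to-label mapping for the (webtraffic|email|probes) column.
LABELS = {80: "webtraffic", 443: "webtraffic", 25: "email", 465: "email", 587: "email"}
# Constructed records: (seconds, LAN ip, mac, destination, port, bytes).
SAMPLE = [(0, "192.168.1.10", "02:00:00:00:00:10", "203.0.113.5", 443, 5000),
          (100, "192.168.1.20", "02:00:00:00:00:20", "198.51.100.1", 23, 60),
          (110, "192.168.1.20", "02:00:00:00:00:20", "198.51.100.2", 23, 60),
          (120, "192.168.1.20", "02:00:00:00:00:20", "198.51.100.3", 23, 60),
          (1900, "192.168.1.10", "02:00:00:00:00:10", "203.0.113.5", 443, 7000)]

class FlowBuffer:
    """Flow records kept on the CPE, bounded by both age and record count."""
    def __init__(self, window=WINDOW, max_records=10000):
        self.window = window
        self.records = deque(maxlen=max_records)  # oldest entry dropped when full

    def add(self, ts, ip, mac, dst, dport, nbytes):
        self.records.append((ts, ip, mac, dst, dport, nbytes))
        self.expire(ts)

    def expire(self, now):
        # Records arrive in time order, so expired ones sit at the left end.
        while self.records and self.records[0][0] < now - self.window:
            self.records.popleft()

    def summary(self, now):
        """Map (ip, mac, label, dst) -> (flow count, bytes) for the window."""
        self.expire(now)
        flows, volume = Counter(), Counter()
        for _, ip, mac, dst, dport, nbytes in self.records:
            key = (ip, mac, LABELS.get(dport, "probes"), dst)  # other ports: "probes"
            flows[key] += 1
            volume[key] += nbytes
        return {k: (flows[k], volume[k]) for k in flows}

    def fan_out(self, now, min_dsts=3):
        """Hosts whose "probes" flows reach min_dsts or more destinations."""
        dsts = {}
        for ip, mac, label, dst in self.summary(now):
            if label == "probes":
                dsts.setdefault((ip, mac), set()).add(dst)
        return sorted(host for host, seen in dsts.items() if len(seen) >= min_dsts)

if __name__ == "__main__":
    buf = FlowBuffer()
    for rec in SAMPLE:
        buf.add(*rec)
    print(buf.summary(1900), buf.fan_out(1900))
```

The `summary` keys are the rows of the "ip/mac sending (webtraffic|email|probes) to destination-name" list, and `fan_out` returns the hosts a UI could preselect for blocking.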