Krebs on Security booted off Akamai network after DDoS attack proves pricey

Mike Hammett nanog at
Tue Sep 27 15:30:32 UTC 2016

You must not support end users. 

Mike Hammett 
Intelligent Computing Solutions 


----- Original Message -----

From: "Mark Andrews" <marka at> 
To: "Roland Dobbins" <rdobbins at> 
Cc: nanog at 
Sent: Monday, September 26, 2016 11:43:36 PM 
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey 

In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B at>, Roland Dobbins wri 
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote: 
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the 
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good 
> > enough' to present a pretty clear UI to the user? 
> +1 for this capability in CPE. 
> OTOH, it will be of no use whatsoever to the user. Providing the user 
> with access to anomalous traffic feeds won't help, either. 
> Users aren't going to call in some third-party service/support company, 
> either. 

Why not? You call a washing machine mechanic when the washing 
machine plays up. This is not conceptually different. 

> It call comes down to the network operator, one way or another. There's 
> no separation in the public mind of 'my network' from 'the Internet' 
> that is analogous to the separation between 'the power company' and 'the 
> electrical wiring in my house/apartment' (and even in that space, the 
> conceptual separation often isn't present). 

Actually I don't believe that. They do know what machines they 
have have connected to their home network. Boxes don't magically 
connect. Every machine was explictly connected. 


> ----------------------------------- 
> Roland Dobbins <rdobbins at> 
Mark Andrews, ISC 
1 Seymour St., Dundas Valley, NSW 2117, Australia 
PHONE: +61 2 9871 4742 INTERNET: marka at 

More information about the NANOG mailing list