Krebs on Security booted off Akamai network after DDoS attack proves pricey
Mike Hammett
nanog at ics-il.net
Tue Sep 27 15:30:32 UTC 2016
You must not support end users.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Mark Andrews" <marka at isc.org>
To: "Roland Dobbins" <rdobbins at arbor.net>
Cc: nanog at nanog.org
Sent: Monday, September 26, 2016 11:43:36 PM
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B at arbor.net>, Roland Dobbins wri
tes:
>
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote:
>
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good
> > enough' to present a pretty clear UI to the user?
>
> +1 for this capability in CPE.
>
> OTOH, it will be of no use whatsoever to the user. Providing the user
> with access to anomalous traffic feeds won't help, either.
>
> Users aren't going to call in some third-party service/support company,
> either.
Why not? You call a washing machine mechanic when the washing
machine plays up. This is not conceptually different.
> It call comes down to the network operator, one way or another. There's
> no separation in the public mind of 'my network' from 'the Internet'
> that is analogous to the separation between 'the power company' and 'the
> electrical wiring in my house/apartment' (and even in that space, the
> conceptual separation often isn't present).
Actually I don't believe that. They do know what machines they
have have connected to their home network. Boxes don't magically
connect. Every machine was explictly connected.
Mark
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list