Krebs on Security booted off Akamai network after DDoS attack proves pricey

Peter Beckman beckman at
Tue Sep 27 16:13:39 UTC 2016

On Tue, 27 Sep 2016, Brielle Bruns wrote:

> I don't see how this is a problem exactly?  If people want to buy devices 
> that connect to their home network, they need to be aware of what these 
> devices can do, and it is their responsibility.

  I understand that is what you want. What you might like. What we all would
  like. People taking responsibility for their impact on others.

  Unfortunately people plug things in, and if they work for them, they don't
  even think about how what they are doing might affect anyone else. In some
  cases, they don't even care. They've got soccer games and work and TV
  shows and kids and family. Who has time to become an expert in Internet

  Google is doing a great job of annoying or alerting customers to potential
  issues, such as the red lock icon on their email, indicating that the
  email was sent unencrypted. The user gets worried (oooh, a red lock, that
  must be bad, I'm going to yell at someone to fix it for me) and the
  service provider jumps to improve the Internet, ideally.

  FreeBSD updated their default config so you have to proactively remove
  email encryption.

  If we are truly worried about IoT and consumers contributing to the
  downfall of the Internet, force the consumer router manufacturers and third
  party firmware folks to implement whatever is necessary to make filters
  and blocking the default. 90%+ of consumers don't change any settings,
  beyond the SSID and Wifi Password, and those who do might take the
  responsibility you want.

  Get the ISPs to realize that secure-by-default consumer routers that they
  distribute saves them millions/billions of dollars annually in customer
  service and security personnel. Secure-by-default routers means
  cost-savings. Get ISPs to pressure manufacturers to implement measures to
  protect their own network and the Internet from the non-network-admin consumer.

  We tech folk need to do this for the Internet citizens who don't know,
  don't care, or don't have time to mess with it.

> If Timmy Numbnuts doesn't understand that plugging in a random device he 
> found at Goodwill to his network could potentially carry liabilities, then he 
> will keep doing it.

  Timmy Numbnuts needs to be protected from himself, so when he plugs in
  that device, it doesn't do any harm to anyone but his own network. He'd
  have to proactively turn off features or filters on his Router in order to
  harm others.

> I point to the current trend of parents watching and smiling, doing nothing 
> as their kids destroy people's stores and restaurants.  ISPs are literally 
> doing the exact same thing when it comes to coddling their customers.

  Automation and default configs means customers don't have to do anything,
  nor think about it. They are protected both FROM harm from the Internet
  and FROM harming the Internet, at least by default.

Peter Beckman                                                  Internet Guy
beckman at                       

More information about the NANOG mailing list