Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

[Mike Hammett <nanog () ics-il net>]

You must not support end users. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Mark Andrews" <marka () isc org> 
To: "Roland Dobbins" <rdobbins () arbor net> 
Cc: nanog () nanog org 
Sent: Monday, September 26, 2016 11:43:36 PM 
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey 


In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B () arbor net>, Roland Dobbins wri 
tes: 
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote: 
>
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the 
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good 
> > enough' to present a pretty clear UI to the user? 
>
> +1 for this capability in CPE. 
>
> OTOH, it will be of no use whatsoever to the user. Providing the user 
> with access to anomalous traffic feeds won't help, either. 
>
> Users aren't going to call in some third-party service/support company, 
> either. 

Why not? You call a washing machine mechanic when the washing 
machine plays up. This is not conceptually different. 

> It call comes down to the network operator, one way or another. There's 
> no separation in the public mind of 'my network' from 'the Internet' 
> that is analogous to the separation between 'the power company' and 'the 
> electrical wiring in my house/apartment' (and even in that space, the 
> conceptual separation often isn't present). 

Actually I don't believe that. They do know what machines they 
have have connected to their home network. Boxes don't magically 
connect. Every machine was explictly connected. 

Mark 

> ----------------------------------- 
> Roland Dobbins <rdobbins () arbor net> 
-- 
Mark Andrews, ISC 
1 Seymour St., Dundas Valley, NSW 2117, Australia 
PHONE: +61 2 9871 4742 INTERNET: marka () isc org