Re: Spitballing IoT Security

[Roland Dobbins <rdobbins () arbor net>]

On 30 Oct 2016, at 7:32, Ronald F. Guilmette wrote:

>  you don't need to be either an omnious "state actor" or even SPECTER 
> to assemble a truly massive packet weapon.

I agree:

<https://www.arbornetworks.com/blog/asert/how-to-become-an-internet-supervillain-in-three-easy-steps/>

;>

> Two kids with a modest amount of knowledge and a lot of time on their 
> hands can do it from their mom's basement.

And indeed have done so, many times.

The *entire purpose* of Mirai is DDoS-for-hire - it's a foundation for 
so-called 'booter/stresser' services.  So, the various  articles about 
how these botnets 'might' be for sale are uninformed - they're *for 
rent*, that's their raison d'être.

And renting them is cheap.  The economic and resource asymmetries highly 
favor the attackers.

All the speculation about how 'state actors' are somehow 'learning how 
to take down the Internet' is equally uninformed.  State actors already 
know how to do this, they don't need to 'learn' or 'test' anything.

DDoS attacks are the Great Equalizer; when it comes to DDoS, 
nation-states are just another player.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>