nanog mailing list archives

Re: Death of the Internet, Film at 11


From: Ca By <cb.list6 () gmail com>
Date: Mon, 24 Oct 2016 07:03:14 -0700

On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <lear () cisco com> wrote:

> Hi,
>
> On 10/24/16 3:06 PM, Ca By wrote:
>
>> Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
>> before the needle moves. At which point the target will have morphed
>> to something else. Also, nobody is going to pay for that feature. Just
>> like the early days of IPv6, the economics were misaligned.
>
> We know of those who are planning to build, so maybe not so much.  The
> function doesn't NEED to be in CPE, but it helps.  And again, the CPE
> market is changing right now, so be careful about your assumptions.

Please elaborate on concrete evidence to support your claim the CPE market
is changing.

>> In 10 years, the CPE will also be running PCP, where the bot tells the
>> CPE to ignore all of MUD and open any arbitrary port it wants.
>
> One of the hidden villains in these attacks, by the way, is UPnP.  The
> point is not for the device to self-assert, but for the manufacturer to
> assert.  Apart from that, PCP actually solves a slightly different
> problem.  MUD can tackle interior connectivity, which PCP doesn't really
> address.  And really that's what we need to address reflection attacks.
>
> Eliot



