nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 26 Sep 2016 19:58:51 -0400

On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka () isc org> wrote:

> Giving them real time access to the anomalous traffic log feed for
> their residence would also help.  They or the specialist they bring
> in will be able to use that to trace back the problem.

Wouldn't this work better as a standard bit of CPE software capability?
Wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
to present a pretty clear UI to the user?

ip/mac/vendor sending (webtraffic|email|probes) to destination-name
[checkbox]
<repeat>

select those you'd like to block [clickhere]

This really doesn't seem hard, to present in a fairly straightforward
manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
similar to this approach... but on the other hand:
  "At least my ISP isn't snooping on all my traffic"
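
The CPE sketch above (flow records kept in a ~30-minute circular buffer, summarised per ip/mac/vendor as webtraffic/email/probes to a destination name, with the ticked rows turned into block rules) as an added Python illustration; it is not code from the thread. The OUI table, sample flows, port lists and the packets-per-flow threshold used to label "probes" are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECS = 30 * 60  # keep ~30 minutes of flow records, the post's own guess
# Constructed OUI table for the vendor column; a real CPE would ship a full one.
OUI_VENDORS = {"aa:bb:cc": "ExampleCam", "dd:ee:ff": "ExampleLaptop"}

@dataclass(frozen=True)
class Flow:
    ts: float       # export time, seconds since epoch
    src_mac: str
    src_ip: str
    dst_name: str   # name the UI shows (reverse DNS or SNI, assumed available)
    dst_port: int
    packets: int

def vendor(mac):
    return OUI_VENDORS.get(mac[:8].lower(), "unknown")

def classify(dst_port, packets):
    """Coarse label for the UI; the port lists and packet threshold are assumptions."""
    if dst_port in (80, 443):
        return "webtraffic"
    if dst_port in (25, 465, 587):
        return "email"
    return "probes" if packets <= 2 else "other"  # 1-2 packets per host looks like scanning

class FlowBuffer:
    def __init__(self, window=WINDOW_SECS):
        self.window, self.flows = window, deque()  # age-bounded ring of records on the CPE

    def add(self, flow):
        self.flows.append(flow)
        while flow.ts - self.flows[0].ts > self.window:
            self.flows.popleft()  # expire records older than the window

    def summary(self):
        """UI rows: (ip, mac, vendor, class, dst_name) -> number of flows."""
        rows = defaultdict(int)
        for f in self.flows:
            rows[(f.src_ip, f.src_mac, vendor(f.src_mac), classify(f.dst_port, f.packets), f.dst_name)] += 1
        return dict(rows)

def block_rules(selected_rows):
    """Ticked rows become (src_ip, dst_name) drop rules for the CPE firewall."""
    return sorted({(row[0], row[4]) for row in selected_rows})

# Constructed sample: a camera probing telnet on several hosts, plus a laptop browsing.
SAMPLE = [Flow(1000 + i, "aa:bb:cc:00:00:01", "192.168.1.20", "host%d.example" % i, 23, 1) for i in range(5)]
SAMPLE.append(Flow(1100, "dd:ee:ff:00:00:02", "192.168.1.30", "www.example", 443, 40))
```

Feeding SAMPLE through a FlowBuffer yields one row per camera probe target plus one webtraffic row for the laptop, and a record arriving more than 30 minutes after the probes pushes them out of the buffer.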