nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Mark Andrews <marka () isc org>
Date: Tue, 27 Sep 2016 15:14:33 +1000


In message <EAE71BCC-A260-4AED-92D8-AEE614A8134A () arbor net>, Roland Dobbins writes:
On 27 Sep 2016, at 11:43, Mark Andrews wrote:

Why not?  You call a washing machine mechanic when the washing machine 
plays up.  This is not conceptually different.

Washing machines aren't a utility.  Internet is viewed as a utility.

Actually I don't believe that.  They do know what machines they 
have connected to their home network.  Boxes don't magically
connect.  Every machine was explicitly connected.

First of all, not every device was explicitly connected by the user.  
Think set-top boxes/DVRs.

I'm yet to see a set top box, DVR, TV, games console, phone, etc.
that didn't require selecting the WiFi SSID or require you to plug
in an ethernet cable.  As I said, they don't magically connect to
the network.  Someone did something to permit them to connect.

Secondly, users connect things and then don't think about them, don't 
remember credentials, had a horrible ordeal (from their perspective) 

Thirdly, expecting users to troubleshoot which of their devices is 
emanating bad traffic is unrealistic.

Which is why there are computer technicians.  If you have a fault
with a fan you call an electrician.  If you have a problem with a
toilet you call a plumber.  Why do you think people are incapable
of calling in someone to help them fix a known issue?

The only effective consumer remediation efforts we've seen to date have 
been broadband access ISPs proactively scanning their customer networks 
and contacting them when exploitable devices and compromised PCs have 
been found.  Although it's a lot of work, that kind of thing can be done 
for CPE broadband routers; it can't be done for the things sitting 
behind those devices, which are doing NAT/firewalling.  The partial 
exception is PCs, because everyone thinks of those when they think of 
'the Internet'.

And the fact that even their lightbulbs are being connected now - i.e., 
the huge proliferation of connected devices - militates against user 
troubleshooting, as well.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

