nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: Eliot Lear <lear () cisco com>
Date: Tue, 27 Sep 2016 08:54:16 +0200
John, On 9/27/16 2:13 AM, John R. Levine wrote:
Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to trash/update/turn off a lot of devices in time – like when every home has 10s or 100s of these devices. ISP: Dear customer, looks like one of your light switches is sending spam. Customer: Which one? I have 25 light switches. And 25 smart bulbs. And 3 smart TVs, and 3 smart thermostats, and 6 cameras, and…That's why turning them off has to be mandatory if the ISP can't mitigate the traffic in real time.
As some on this thread know, I've been working with the folks who make light bulbs and switches. They fit a certain class of device that is not general purpose, but rather are specific in nature. For those devices it is possible for the manufacturers to inform the network what the communication pattern of the device is designed to be. This may be extraordinarily broad or quite narrow, depending on the device. Conveniently, the technology for describing much of this dates back to the paleolithic era in the form of access lists. That is what manufacturer usage descriptions are about. (Yep- MUD. There go my marketing credentials). They're slightly abstracted for adaptation to local deployments. There's a draft and we authors are soliciting comments. The service providers has a strong role to play here, since they drive standards for connectivity. Having some access to residential CPE in particular for this purpose, I believe, is very helpful because by doing so not only can SPs protect others, but can also provide lateral protection within the home. As I wrote upthread, if consumers come to see smart lightbulbs not just as useful, but also as a concern, they may wish their SPs to help them. That's the internalizing of an externality that I see possible, and maybe even probable over time. By the way, this isn't just about deliberate attacks. Ask Raul Rojas who built an IoT-based concept house and then had it taken down by a failing lightbulb.[2] Eliot [1] https://tools.ietf.org/html/draft-ietf-opsawg-mud-00 [2] http://fusion.net/story/55026/this-guys-light-bulb-ddosed-his-entire-smart-house/
Sorry, but something in your house is attacking strangers. Once you figure out what it is, here's a handy list of links to the ongoing class action suits against the manufacturers. Regards, John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jared Mauch (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Sam Silvester (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Florian Weimer (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jared Mauch (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Florian Weimer (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John R. Levine (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Eliot Lear (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Florian Weimer (Sep 27)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Eliot Lear (Sep 27)
- Message not available
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Kristoff (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey jim deleskie (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Eliot Lear (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Alexander Lyamin (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ryan landry (Sep 25)