Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

[Eliot Lear <lear () cisco com>]

John,

On 9/27/16 2:13 AM, John R. Levine wrote:
> > Therein lies the problem if the traffic does not look anomalous I
> > suppose. But even if it does look unusual, ISPs would be asking
> > consumers to trash/update/turn off a lot of devices in time – like
> > when every home has 10s or 100s of these devices.
> > ISP: Dear customer, looks like one of your light switches is sending
> > spam.
> > Customer: Which one? I have 25 light switches. And 25 smart bulbs.
> > And 3 smart TVs, and 3 smart thermostats, and 6 cameras, and…
>
> That's why turning them off has to be mandatory if the ISP can't
> mitigate the traffic in real time.

As some on this thread know, I've been working with the folks who make
light bulbs and switches.  They fit a certain class of device that is
not general purpose, but rather are specific in nature.  For those
devices it is possible for the manufacturers to inform the network what
the communication pattern of the device is designed to be.  This may be
extraordinarily broad or quite narrow, depending on the device. 
Conveniently, the technology for describing much of this dates back to
the paleolithic era in the form of access lists.  That is what
manufacturer usage descriptions are about.  (Yep- MUD.  There go my
marketing credentials). They're slightly abstracted for adaptation to
local deployments.   There's a draft and we authors are soliciting comments.

The service providers has a strong role to play here, since they drive
standards for connectivity.  Having some access to residential CPE in
particular for this purpose, I believe, is very helpful because by doing
so not only can SPs protect others, but can also provide lateral
protection within the home.  As I wrote upthread, if consumers come to
see smart lightbulbs not just as useful, but also as a concern, they may
wish their SPs to help them.  That's the internalizing of an externality
that I see possible, and maybe even probable over time.

By the way, this isn't just about deliberate attacks.  Ask Raul Rojas
who built an IoT-based concept house and then had it taken down by a
failing lightbulb.[2]

Eliot

[1] https://tools.ietf.org/html/draft-ietf-opsawg-mud-00
[2]
http://fusion.net/story/55026/this-guys-light-bulb-ddosed-his-entire-smart-house/

> Sorry, but something in your house is attacking strangers.  Once you
> figure out what  it is, here's a handy list of links to the ongoing
> class action suits against the manufacturers.
>
> Regards,
> John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

Attachment: signature.asc
Description: OpenPGP digital signature