nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: Jared Mauch <jared () puck nether net>
Date: Tue, 27 Sep 2016 08:20:22 -0400
On Sep 26, 2016, at 7:58 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:

> On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews <marka () isc org> wrote:
>
>> Giving them real time access to the anomalous traffic log feed for
>> their residence would also help. They or the specialist they bring
>> in will be able to use that to trace back the problem.
>
> wouldn't this work better as a standard bit of CPE software capability?
> wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE
> and kept for ~30mins (just guessing) in a circular buffer be 'good enough'
> to present a pretty clear UI to the user?
>
>   ip/mac/vendor sending (webtraffic|email|probes) to destination-name [checkbox]
>   <repeat>
>   select those you'd like to block [clickhere]
>
> This really doesn't seem hard, to present in a fairly straightforward
> manner... sure 'all cpe' (or 'a bunch of cpe') have to adopt something
> similar to this approach... but on the other hand: "At least my ISP isn't
> snooping on all my traffic"

The UBNT Edgerouter series has this. You can get fancy graphs and application breakdown. Scroll down and check the images:

https://help.ubnt.com/hc/en-us/articles/204951104-EdgeMAX-Deep-Packet-Inspection-Engine-for-EdgeRouter

You can see the hosts that are doing traffic and the destinations.

They even have a model that takes a SFP so you can use it as CPE for FTTH.

- Jared
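
The CPE-side buffer proposed in the quoted message, as an added example that is not from the thread or from any vendor's firmware: flow records are kept for 30 minutes and rolled up into the ip/mac/traffic-type/destination rows a user could tick to block. The `Flow` fields, the port-to-label map, the fan-out threshold and all sample addresses are assumptions constructed for illustration.

```python
from collections import deque, namedtuple

RETENTION = 30 * 60  # seconds; the "~30mins" guess from the thread
# Assumed port-to-label map for the thread's (webtraffic|email|probes) column
LABELS = {80: "web", 443: "web", 25: "email", 587: "email", 23: "probes", 2323: "probes"}

Flow = namedtuple("Flow", "ts src_ip src_mac dst dport nbytes")

class FlowBuffer:
    """Time-bounded buffer of flow records; assumes records arrive in time order."""

    def __init__(self, retention=RETENTION):
        self.retention = retention
        self.flows = deque()

    def add(self, flow):
        self.flows.append(flow)
        self.expire(flow.ts)

    def expire(self, now):
        # Drop records older than the retention window from the left end.
        while self.flows and self.flows[0].ts < now - self.retention:
            self.flows.popleft()

    def rows(self, now):
        """One UI row per (ip, mac, label, destination) -> [flow count, bytes]."""
        self.expire(now)
        out = {}
        for f in self.flows:
            key = (f.src_ip, f.src_mac, LABELS.get(f.dport, "other"), f.dst)
            cell = out.setdefault(key, [0, 0])
            cell[0] += 1
            cell[1] += f.nbytes
        return out

    def fanout(self, now, threshold=3):
        """Devices reaching at least `threshold` distinct destinations per label."""
        seen = {}
        for (ip, mac, label, dst) in self.rows(now):
            seen.setdefault((ip, mac, label), set()).add(dst)
        return {k: len(v) for k, v in seen.items() if len(v) >= threshold}

def sample_buffer():
    """Constructed sample: a laptop browsing and a camera opening telnet sessions."""
    buf = FlowBuffer()
    buf.add(Flow(0, "192.168.1.10", "aa:bb:cc:00:00:10", "old.example", 443, 900))
    for i, dst in enumerate(["198.51.100.7", "198.51.100.8", "203.0.113.9"]):
        buf.add(Flow(1700 + i, "192.168.1.50", "aa:bb:cc:00:00:50", dst, 23, 60))
    buf.add(Flow(1790, "192.168.1.10", "aa:bb:cc:00:00:10", "www.example.com", 443, 5200))
    buf.add(Flow(1795, "192.168.1.10", "aa:bb:cc:00:00:10", "www.example.com", 443, 800))
    return buf
```

Calling `rows()` gives the per-device table for the UI, and `fanout()` singles out the device whose row count per traffic type is unusually wide, which is the entry a user would most likely want to tick.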