nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Sam Silvester <sam.silvester () gmail com>
Date: Tue, 27 Sep 2016 14:47:16 +0930

On Tue, Sep 27, 2016 at 1:35 PM, Roland Dobbins <rdobbins () arbor net> wrote:

> It all comes down to the network operator, one way or another.  There's
> no separation in the public mind of 'my network' from 'the Internet' that
> is analogous to the separation between 'the power company' and 'the
> electrical wiring in my house/apartment' (and even in that space, the
> conceptual separation often isn't present).


Not sure I agree with this. To my knowledge, when somebody loses power,
they go out and check circuit breakers and stuff, then either call an
electrician (if a breaker doesn't stay on or the like), or call their
electricity retailer/distributor. I'm not talking about IT / technically
savvy people either.

Now, I appreciate what you are saying though - end users are
(generalisation incoming, and I am not having a go / being a dick toward
end users) non-technical, busy and not willing to spend money on experts to
help out. They don't understand that their ISP is not responsible / in
control end to end etc, but yeah - not the best analogy above.

As a second comment...I think there is something also to be considered in
Mark's thoughts.

NAT obviously breaks visibility from a network operator's perspective. As
far as we can see, once a user is sending something flagged as abuse, the
best we can tell is the public IPv4 address. This sucks, as it basically
means suspend the user, who gets shitty as a result, and costs money and
time on the phone to helpdesk as a result.

In IPv6, it's not the case that all traffic is sourced from the same public
IP, which is interesting, especially if the network operator's abuse desk
has appropriate tooling to be able to marry that up to a device (probably
with the end user involved of course, but maybe with less effort).

I do also like the idea of IPv4 CPE having a menu displaying DHCP client
ID, in/out bps/pps counters, especially if that is able to be exposed to
the ISP helpdesk / abuse desk if needed. It's a nice-to-have, but not sure
it'd ever get meaningful deployment in a timeframe that makes it useful.

Food for thought.

Sam
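The NAT-versus-IPv6 visibility point above can be made concrete with a small abuse-desk lookup. The following is an added example, not code from the post or from any ISP's tooling: the subscriber table, the abuse-report lines and their key=value format are all constructed for illustration, and the `attribute()`/`triage()` helpers are hypothetical names. It shows why an IPv4 report behind (CG)NAT resolves to one or more subscribers at best, while an IPv6 report carries enough bits to narrow to the delegated prefix, the LAN and an individual interface identifier.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed subscriber records (hypothetical ISP assignment table, not real data).
# Two subscribers share one public IPv4 address behind CGNAT; each subscriber has
# its own delegated IPv6 prefix from which every device takes a distinct address.
SUBSCRIBERS = [
    {"id": "sub-1001", "ipv4": "203.0.113.10", "ipv6_prefix": "2001:db8:1001::/56"},
    {"id": "sub-1002", "ipv4": "203.0.113.10", "ipv6_prefix": "2001:db8:1002::/56"},
    {"id": "sub-1003", "ipv4": "203.0.113.11", "ipv6_prefix": "2001:db8:1003::/56"},
]

# Constructed abuse-report lines in a made-up "key=value" format.
ABUSE_REPORTS = """\
2016-09-27T04:10:00Z src=203.0.113.10 kind=syn-flood dst=192.0.2.50
2016-09-27T04:11:30Z src=2001:db8:1002:7::abcd kind=http-flood dst=192.0.2.50
2016-09-27T04:12:05Z src=198.51.100.5 kind=udp-amp dst=192.0.2.50
"""

REPORT_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+kind=(?P<kind>\S+)")


@dataclass
class Attribution:
    reported_ip: str
    subscribers: List[str] = field(default_factory=list)  # candidate subscriber ids
    device: Optional[str] = None      # per-device hint when the address family exposes one
    granularity: str = "none"         # "device", "subscriber" or "none"


def attribute(reported_ip: str) -> Attribution:
    """Map a source address from an abuse report to what the ISP can actually see."""
    addr = ipaddress.ip_address(reported_ip)
    result = Attribution(reported_ip)
    if addr.version == 4:
        # Behind NAT every device in the household (and with CGNAT, several households)
        # shares one public address: the best outcome is a list of subscribers, never a device.
        result.subscribers = [s["id"] for s in SUBSCRIBERS
                              if ipaddress.ip_address(s["ipv4"]) == addr]
        result.granularity = "subscriber" if result.subscribers else "none"
        return result
    # IPv6: match against the delegated prefixes (non-overlapping here). The bits below
    # the delegation pick the LAN (/64) and the interface identifier picks the device.
    for s in SUBSCRIBERS:
        net = ipaddress.ip_network(s["ipv6_prefix"])
        if addr in net:
            lan = ipaddress.IPv6Interface(f"{addr}/64").network
            iid = int(addr) & ((1 << 64) - 1)
            result.subscribers = [s["id"]]
            result.device = f"{lan} iid=0x{iid:016x}"
            result.granularity = "device"
            break
    return result


def triage(report_text: str) -> List[Attribution]:
    """Run every parsable report line through attribute(); unparsable lines are skipped."""
    out = []
    for line in report_text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            out.append(attribute(m.group("src")))
    return out


if __name__ == "__main__":
    for a in triage(ABUSE_REPORTS):
        print(f"{a.reported_ip:28} -> {a.granularity:10} subs={a.subscribers} device={a.device}")
```

Running it on the constructed reports gives a "subscriber" result listing both households behind 203.0.113.10, a "device" result for the IPv6 address, and "none" for the address that is not in the table. The interface identifier is only a hint (privacy addresses rotate), so in practice the abuse desk still needs the subscriber's cooperation to tie it to a physical box, but the starting point is far narrower than "everything behind this NAT".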

