[191690] in North American Network Operators' Group


Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Sep 25 17:57:46 2016

X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAK_-TSZGbDaxF+j2B=NtA22kBVwCzi7Dwp_h=8fVXzBkHZUD-A@mail.gmail.com>
Date: Sun, 25 Sep 2016 17:57:42 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Sep 25, 2016, at 5:50 PM, ryan landry <ryan.landry@gmail.com> wrote:
> On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews <marka@isc.org> wrote:

>> This is such a golden opportunity for each of you to find compromised
>> hosts on your network or your customer's network.  The number of
>> genuine lookups of the blog vs the number of botted machines would
>> make it almost certain that anything directed at the blog is a
>> compromised machine.  A phone call to the customer / further analysis
>> would reduce the false positive rate.
>>
>> Mark
>>
>>
> i wish you luck with that. explaining to grandma that her samsung smart tv
> has been rooted and needs to be updated should be good fun.
>
> for isp's it's a resourcing vs revenue problem. always has been. always
> will be. far more inclined to hold liable the folks that are churning out
> terribly dangerous cpe / IoT(shit). surely some regulatory body is looking
> into this.

Yeah, ‘cause that was so successful in the past.

Remember University of Wisconsin vs. D-Link and their hard-coded NTP server address?

-- 
TTFN,
patrick

