[191691] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (ryan landry)
Sun Sep 25 18:00:40 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <20160925210725.A27185504B03@rock.dv.isc.org>
From: ryan landry <ryan.landry@gmail.com>
Date: Sun, 25 Sep 2016 21:50:01 +0000
To: Mark Andrews <marka@isc.org>
Cc: jtk@aharp.iorc.depaul.edu, nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews <marka@isc.org> wrote:
>
> This is such a golden opportunity for each of you to find compromised
> hosts on your network or your customer's network. The number of
> genuine lookups of the blog vs the number of botted machine would
> make it almost certain that anything directed at the blog is a
> compromised machine. A phone call to the customer / further analysis
> would reduce the false positive rate.
>
> Mark
>
>
i wish you luck with that. explaining to grandma that her samsung smart tv
has been rooted and needs to be updated should be good fun.
for isp's it's a resourcing vs revenue problem. always has been. always
will be. far more inclined to hold liable the folks that are churning out
terribly dangerous cpe / IoT(shit). surely some regulatory body is looking
into this.
