[191767] in North American Network Operators' Group


Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Mark Andrews)
Tue Sep 27 00:43:45 2016

X-Original-To: nanog@nanog.org
To: Roland Dobbins <rdobbins@arbor.net>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Tue, 27 Sep 2016 11:05:19 +0700."
 <B796C128-AFDF-45A1-B5AF-C29BFF06E54B@arbor.net>
Date: Tue, 27 Sep 2016 14:43:36 +1000
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B@arbor.net>, Roland Dobbins writes:
> 
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote:
> 
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the 
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good 
> > enough' to present a pretty clear UI to the user?
> 
> +1 for this capability in CPE.
> 
> OTOH, it will be of no use whatsoever to the user.  Providing the user 
> with access to anomalous traffic feeds won't help, either.
> 
> Users aren't going to call in some third-party service/support company, 
> either.

Why not?  You call a washing machine mechanic when the washing
machine plays up.  This is not conceptually different. 

> It all comes down to the network operator, one way or another.  There's 
> no separation in the public mind of 'my network' from 'the Internet' 
> that is analogous to the separation between 'the power company' and 'the 
> electrical wiring in my house/apartment' (and even in that space, the 
> conceptual separation often isn't present).

Actually I don't believe that.  They do know what machines they
have connected to their home network.  Boxes don't magically
connect.  Every machine was explicitly connected.

Mark

> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
