[191772] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (Eliot Lear)
Tue Sep 27 02:54:30 2016
X-Original-To: nanog@nanog.org
To: "John R. Levine" <johnl@iecc.com>,
"Livingood, Jason" <Jason_Livingood@comcast.com>
From: Eliot Lear <lear@cisco.com>
Date: Tue, 27 Sep 2016 08:54:16 +0200
In-Reply-To: <alpine.OSX.2.11.1609262012010.65974@ary.qy>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Message-ID: <68205034-2027-e1ed-13ec-fb22eaa1a47e@cisco.com>
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack
proves pricey
References: <20160926155649.14061.qmail@ary.lan>
<20160926230946.685605514EDF@rock.dv.isc.org>
<03DC1038-024A-4D9F-AC5B-3E88CDF56246@cable.comcast.com>
<alpine.OSX.2.11.1609262012010.65974@ary.qy>
John,
On 9/27/16 2:13 AM, John R. Levine wrote:
>> Therein lies the problem if the traffic does not look anomalous I
>> suppose. But even if it does look unusual, ISPs would be asking
>> consumers to trash/update/turn off a lot of devices in time – like
>> when every home has 10s or 100s of these devices.
>> ISP: Dear customer, looks like one of your light switches is sending
>> spam.
>> Customer: Which one? I have 25 light switches. And 25 smart bulbs.
>> And 3 smart TVs, and 3 smart thermostats, and 6 cameras, and…
>
> That's why turning them off has to be mandatory if the ISP can't
> mitigate the traffic in real time.
As some on this thread know, I've been working with the folks who make
light bulbs and switches. They fit a certain class of device that is
not general purpose, but rather are specific in nature. For those
devices it is possible for the manufacturers to inform the network what
the communication pattern of the device is designed to be. This may be
extraordinarily broad or quite narrow, depending on the device.
Conveniently, the technology for describing much of this dates back to
the paleolithic era in the form of access lists. That is what
manufacturer usage descriptions are about. (Yep- MUD. There go my
marketing credentials). They're slightly abstracted for adaptation to
local deployments. There's a draft and we authors are soliciting comments.
The service providers have a strong role to play here, since they drive
standards for connectivity. Having some access to residential CPE in
particular for this purpose, I believe, is very helpful because by doing
so not only can SPs protect others, but can also provide lateral
protection within the home. As I wrote upthread, if consumers come to
see smart lightbulbs not just as useful, but also as a concern, they may
wish their SPs to help them. That's the internalizing of an externality
that I see possible, and maybe even probable over time.
By the way, this isn't just about deliberate attacks. Ask Raul Rojas
who built an IoT-based concept house and then had it taken down by a
failing lightbulb.[2]
Eliot
[1] https://tools.ietf.org/html/draft-ietf-opsawg-mud-00
[2] http://fusion.net/story/55026/this-guys-light-bulb-ddosed-his-entire-smart-house/
>
> Sorry, but something in your house is attacking strangers. Once you
> figure out what it is, here's a handy list of links to the ongoing
> class action suits against the manufacturers.
>
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
>
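The idea described in the message above, a manufacturer-declared communication pattern expressed as abstract access-list entries and bound to a local deployment, can be sketched as follows. This is an added example, not code from the message, its author or the MUD draft; the profile layout, field names, class names and addresses are all assumptions made for illustration.

```python
import ipaddress

# Constructed, simplified usage description for a hypothetical smart bulb.
# Field names are illustrative; this is NOT the schema defined in the MUD draft.
BULB_PROFILE = {
    "device": "example-bulb",
    "allow": [
        {"to": "controller", "proto": "tcp", "port": 443},  # abstract class name
        {"to": "local-ntp", "proto": "udp", "port": 123},
    ],
}

# Local binding: the network operator maps each abstract class to concrete
# addresses (assumed values, taken from documentation/private ranges).
LOCAL_BINDINGS = {
    "controller": ["203.0.113.10/32"],
    "local-ntp": ["192.168.1.1/32"],
}

def compile_acl(profile, bindings):
    """Expand abstract rules into concrete (network, proto, port) entries."""
    acl = []
    for rule in profile["allow"]:
        # A class with no local binding yields no entry, so it stays denied.
        for cidr in bindings.get(rule["to"], []):
            acl.append((ipaddress.ip_network(cidr), rule["proto"], rule["port"]))
    return acl

def permitted(acl, dst, proto, port):
    """Default deny: a flow passes only if some entry matches it exactly."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and proto == p and port == q for net, p, q in acl)

def audit(acl, flows):
    """Return the flows that fall outside the declared pattern."""
    return [f for f in flows if not permitted(acl, *f)]

# Constructed sample flows observed from the bulb: (destination, proto, port).
FLOWS = [
    ("203.0.113.10", "tcp", 443),   # declared: talks to its controller
    ("192.168.1.1", "udp", 123),    # declared: local time source
    ("198.51.100.77", "udp", 53),   # undeclared traffic to an outside host
    ("192.168.1.50", "tcp", 23),    # undeclared lateral traffic inside the home
]

if __name__ == "__main__":
    for flow in audit(compile_acl(BULB_PROFILE, LOCAL_BINDINGS), FLOWS):
        print("outside declared pattern:", flow)
```

The last sample flow shows the lateral case: enforcing the same list at the home gateway or CPE flags traffic toward other devices in the house, not only traffic leaving it.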