[191796] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (Mike Hammett)
Tue Sep 27 11:30:42 2016
X-Original-To: nanog@nanog.org
Date: Tue, 27 Sep 2016 10:30:32 -0500 (CDT)
From: Mike Hammett <nanog@ics-il.net>
Cc: nanog@nanog.org
In-Reply-To: <20160927044337.3586D5519DB9@rock.dv.isc.org>
Errors-To: nanog-bounces@nanog.org
You must not support end users.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Mark Andrews" <marka@isc.org>
To: "Roland Dobbins" <rdobbins@arbor.net>
Cc: nanog@nanog.org
Sent: Monday, September 26, 2016 11:43:36 PM
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B@arbor.net>, Roland Dobbins writes:
>
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote:
>
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good
> > enough' to present a pretty clear UI to the user?
>
> +1 for this capability in CPE.
>
> OTOH, it will be of no use whatsoever to the user. Providing the user
> with access to anomalous traffic feeds won't help, either.
>
> Users aren't going to call in some third-party service/support company,
> either.
Why not? You call a washing machine mechanic when the washing
machine plays up. This is not conceptually different.
> It all comes down to the network operator, one way or another. There's
> no separation in the public mind of 'my network' from 'the Internet'
> that is analogous to the separation between 'the power company' and 'the
> electrical wiring in my house/apartment' (and even in that space, the
> conceptual separation often isn't present).
Actually I don't believe that. They do know what machines they
have connected to their home network. Boxes don't magically
connect. Every machine was explicitly connected.
Mark
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org