[191810] in North American Network Operators' Group

Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Dale W. Carder)
Tue Sep 27 12:59:40 2016

X-Original-To: nanog@nanog.org
Date: Tue, 27 Sep 2016 10:43:54 -0500
From: "Dale W. Carder" <dwcarder@es.net>
To: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <3A96EAB7-BB50-495E-A75D-562E999D726D@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Thus spake Patrick W. Gilmore (patrick@ianai.net) on Sun, Sep 25, 2016 at 05:57:42PM -0400:
> On Sep 25, 2016, at 5:50 PM, ryan landry <ryan.landry@gmail.com> wrote:
> > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews <marka@isc.org> wrote:
> 
> >> This is such a golden opportunity for each of you to find compromised
> >> hosts on your network or your customer's network.  The number of
> >> genuine lookups of the blog vs the number of botted machines would
> >> make it almost certain that anything directed at the blog is a
> >> compromised machine.  A phone call to the customer / further analysis
> >> would reduce the false positive rate.
> >> 
> >> Mark
> >> 
> >> 
> > i wish you luck with that. explaining to grandma that her samsung smart tv
> > has been rooted and needs to be updated should be good fun.
> > 
> > for isp's it's a resourcing vs revenue problem. always has been. always
> > will be. far more inclined to hold liable the folks that are churning out
> > terribly dangerous cpe / IoT(shit). surely some regulatory body is looking
> > into this.
> 
> Yeah, ‘cause that was so successful in the past.
> 
> Remember University of Wisconsin vs. D-Link and their hard-coded NTP server address?

Interestingly, this was just recently looked at again for the Internet of Things 
Software Update Workshop (IoTSU).  See:
	http://pages.cs.wisc.edu/~plonka/iotsu/IoTSU_2016_paper_25.pdf

3,564 devices still remain.

best,
Dale
