[192900] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Fri Dec 2 06:32:07 2016
X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
To: <nanog@nanog.org>
Date: Fri, 2 Dec 2016 18:28:51 +0700
In-Reply-To: <26234.1477787539@segfault.tristatelogic.com>
Errors-To: nanog-bounces@nanog.org
On 30 Oct 2016, at 7:32, Ronald F. Guilmette wrote:
> you don't need to be either an omnious "state actor" or even SPECTER =
> to assemble a truly massive packet weapon.
I agree:
<https://www.arbornetworks.com/blog/asert/how-to-become-an-internet-super=
villain-in-three-easy-steps/>
;>
> Two kids with a modest amount of knowledge and a lot of time on their =
> hands can do it from their mom's basement.
And indeed have done so, many times.
The *entire purpose* of Mirai is DDoS-for-hire - it's a foundation for =
so-called 'booter/stresser' services. So, the various articles about =
how these botnets 'might' be for sale are uninformed - they're *for =
rent*, that's their raison d'=C3=AAtre.
And renting them is cheap. The economic and resource asymmetries highly =
favor the attackers.
All the speculation about how 'state actors' are somehow 'learning how =
to take down the Internet' is equally uninformed. State actors already =
know how to do this, they don't need to 'learn' or 'test' anything.
DDoS attacks are the Great Equalizer; when it comes to DDoS, =
nation-states are just another player.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
