Re: Death of the Internet, Film at 11

On 10/23/2016 4:19 PM, Ronald F. Guilmette wrote: ... I've recorded about 2.4 million IP addresses involved in the last two months (a number that is higher than the number of actual devices, since most seem to have dynamic IP addresses). The ISPs behind those IP addresses have received

Re: Death of the Internet, Film at 11

Aaron C. de Bruyn via NANOG : > On Sun, Oct 23, 2016 at 12:41 PM, wrote: > > > > Assuming these manufacturers who are culpable carry product liability > > insurance go to their insurance companies and explain the situation. > > Cheaper solution: Start a

Re: Death of the Internet, Film at 11

A bit tidbits of information from: > http://www.networkworld.com/article/3134035/chinese-firm-admits-its-hacked-products-were-behind-fridays-massive-ddos-attack.html Chinese firm admits its hacked products were behind Friday's massive DDOS attack Hangzhou Xiongmai Technology, a vendor behind

Re: Death of the Internet, Film at 11

On Sun, Oct 23, 2016 at 12:41 PM, wrote: > > Assuming these manufacturers who are culpable carry product liability > insurance go to their insurance companies and explain the situation. Cheaper solution: Start a company, build crappy firmware, carry product liability

Re: Death of the Internet, Film at 11

On 10/23/2016 21:02, David Conrad wrote: Shut down subnets of your own customers? That was the problem I broke my pick on 20 years or more ago. ISPs absolute refusal to put in filters at no-revenue-expense since it would cost money to install and maintain, and worst of all MIGHT

Re: Death of the Internet, Film at 11

On 10/23/2016 07:02 PM, David Conrad wrote: > On October 23, 2016 at 6:52:05 PM, Stephen Satchell (l...@satchell.net) wrote: > So, bottom line, nothing is going to happen until the cost to those > negligent provides rises so high as to affect profits. Period. > Yep. Or government intervention.

Re: Death of the Internet, Film at 11

On October 23, 2016 at 6:52:05 PM, Stephen Satchell (l...@satchell.net) wrote: So, bottom line, nothing is going to happen until the cost to those  negligent provides rises so high as to affect profits. Period.  Yep.  Or government intervention. Larger eyeball operators could help, by shutting

Re: Death of the Internet, Film at 11

On 10/23/2016 04:19 PM, Ronald F. Guilmette wrote: > I guess that's just an example of what somebody else already noted here, > i.e. that providers don't care to spend the time and/or effort and/or > money necessary to actually -do- anything about compromised boxes, and > anyway, they don't want

Re: Death of the Internet, Film at 11

I've heard this crap for 20+ years now. "attack traffic" is unplanned traffic. Build networks to support "random" bursts of garbage is much more expensive then you will ever get to bill for. You clearly have no understanding of the economics of networks. On Sun, Oct 23, 2016 at 10:39 PM, Keith

Re: Death of the Internet, Film at 11

A support call to an end-user serving ISP takes how long to ROI? That wouldn't make sense. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Keith Medcalf" To:

Re: Death of the Internet, Film at 11

Why would the provider want to do anything?  They suuport (make money from) their cudtomers.  And the more traffic the send/receive, the more money the providers make. Wouldn't surprise me if the providers were selling access to their customers networks to the botherders so they could make

Re: Death of the Internet, Film at 11

On October 23, 2016 at 17:14 hanni...@gmail.com (Martin Hannigan) wrote: > > > >On Oct 23, 2016, at 16:26, b...@theworld.com wrote: > > > >I'm not sure who you mean when you say "people". My reference was to >manufacturers of IoT devices only. > > >The users are not going to be able

Re: Death of the Internet, Film at 11

In message <874m43qsk2@mid.deneb.enyo.de>, Florian Weimer wrote: >Not that the underlying threat will go away until we find a way to >clean up almost all of the compromised devices (and without breaking >the Internet along the way, forever). The Internet *is* already

Re: Death of the Internet, Film at 11

In message <26b01962-9b09-11cb-0ac8-89cf3e0a5...@nuclearfallout.net>, John Weekes wrote: >... I've recorded >about 2.4 million IP addresses involved in the last two months (a number >that is higher than the number of actual devices, since most seem to >have dynamic

Re: FW: Death of the Internet, Film at 11

In message <580bf91d.9060...@vaxination.ca>, Jean-Francois Mezei wrote: >Problem is that many of these gadgets want to be internet connected so >mother at work can check on her kids at home... Ah, technology! Just think what certain people could have accomplished

Re: Dyn DDoS this AM?

In message

Re: Death of the Internet, Film at 11

In message <580bf49c.5090...@vaxination.ca>, Jean-Francois Mezei wrote: >10s of millons of IP addresses. Is it realistic to have 10s of millions >of infected devices ? Or is that the dense smoke that points to IP >spoofing ? I haven't read the latest

Re: Death of the Internet, Film at 11

In message

Re: Death of the Internet, Film at 11

On 2016-10-23 15:46, jim deleskie wrote: > Sure lets sue people because they put too many/bad packets/packets I don't > like on the internet. Do you think this will really solve the porblem? Do > you think we'll not just all end up with internet prices like US medical > care prices? If this

Re: Death of the Internet, Film at 11

> On Oct 23, 2016, at 16:26, b...@theworld.com wrote: > > > I'm not sure who you mean when you say "people". My reference was to > manufacturers of IoT devices only. The users are not going to be able to help. You're right, it's all about the manufacturers. If you can remove or reduce

Re: Death of the Internet, Film at 11

I'm not sure who you mean when you say "people". My reference was to manufacturers of IoT devices only. But as I said in the note which you quoted lawsuits might be helpful but aren't necessary. One just has to get underwriters of the manufacturers' product liability insurance to acknowledge

Re: Death of the Internet, Film at 11

Sure lets sue people because they put too many/bad packets/packets I don't like on the internet. Do you think this will really solve the porblem? Do you think we'll not just all end up with internet prices like US medical care prices? On Sun, Oct 23, 2016 at 4:41 PM, wrote:

Re: Death of the Internet, Film at 11

>So once identified, how do you suggest this gets fixed? Assuming these manufacturers who are culpable carry product liability insurance go to their insurance companies and explain the situation. Better would be someone launching a product liability lawsuit against one of them but it's not

Re: Death of the Internet, Film at 11

I think you make a very good point with the TRS80 etc comment, at least implicitly: it's not just the vulnerable IoT devices, some sort of infrastructure is needed to get the attack going at the volume we've seen. And perhaps therein lies an answer. On October 22, 2016 at 16:47

Re: Death of the Internet, Film at 11

Clinton, On 10/23/2016 8:12 AM, clinton mielke wrote: My question for you guys, since Im a theoretician and not a seasoned operator: how feasible or legal is it to find telnet scanning activity or any of these passwords in high-bandwidth netflows? If its feasible, then this at least gets you

Re: Death of the Internet, Film at 11

Clinton, This is excellent information. While it's not possible to see passwords in netflows (only headers are included, not packet contents), it's a sure thing that attacked victims could extract a list of infected machines from the IP address scan and then run verification scans against just

Re: Death of the Internet, Film at 11

A number of people are asking for advice on how to detect this bug. Here are some thoughts. Im a mathematician, and not a network operator, so would love feedback. The source code of Mirai is here, and Ive had some fun taking it apart over the last week:

Re: Death of the Internet, Film at 11

* Randy Bush: >> What does BCP38 have to do with this? > > nothing technical, as these iot attacks are not spoofed. How do you know? Has anyone disclosed specifics? I can understand that keeping details under wraps is sometimes required for operational security, but if the attacks are clearly

Re: Death of the Internet, Film at 11

* Keith Medcalf: > On: Saturday, 22 October, 2016 17:41, Jean-Francois Mezei > wrote: > >> On 2016-10-22 19:03, Keith Medcalf wrote: > >> > This does not follow and is not a natural consequence of sealing the >> little buggers up so that they cannot affect the

Re: Death of the Internet, Film at 11

* David Conrad: > Maybe (not sure) one way would be to examine your resolver query logs > to look for queries for names that fit domain generation algorithm > patterns, then tracking down the customers/devices that are issuing > those queries and politely suggest they remove the malware on their

Re: Death of the Internet, Film at 11

>From Dyn's statement, http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html we have "After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast