Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-10-09 Thread Large Hadron Collider
Sorry Florian. Meant to put it to list. On 2016-10-09 12:25 PM, Large Hadron Collider wrote: On 2016-10-09 04:20 AM, Florian Weimer wrote: * Eliot Lear: Not my end goal. My end goal is that consumers have a means to limit risk in their home environments, and service providers have a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-10-09 Thread Florian Weimer
* Eliot Lear: > Not my end goal. My end goal is that consumers have a means to limit > risk in their home environments, and service providers have a means to > deliver that to them. They already have, with today's technology. It's just not a mass-market business. Consumers either have to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Stephen Satchell
On 09/28/2016 12:33 AM, Eliot Lear wrote: It's not just consumers that need to understand this. Manufacturers of Things are right now on a steep learning curve. Consider that thermostat, for just a moment. In The Good Old Days, before it had a network interface, the manufacturer cared about a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Eliot Lear
It's not just consumers that need to understand this. Manufacturers of Things are right now on a steep learning curve. Consider that thermostat, for just a moment. In The Good Old Days, before it had a network interface, the manufacturer cared about a handful of things like at what temperature

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Alexander Maassen
Levine" <jo...@iecc.com> Cc: nanog@nanog.org Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine <jo...@iecc.com> wrote: >>https://www.internetsociety.org/sites/default/files/01_5.pdf >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 28 Sep 2016, at 0:18, Brielle Bruns wrote: > I call shenanigans on providers not seeing their unruly users. I was talking about the users, not the ISPs. --- Roland Dobbins

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mark Andrews
In message , Jared Mauch writes: > > > On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote: > > > > Why not? You call a washing machine mechanic when the washing > > machine plays up. This is not conceptually different. > >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 27, 2016, at 10:48 AM, Brielle Bruns wrote: > > You start cutting off users or putting them into a walled garden until they > fix their machines, and they will start caring. Wait until the user who claims perfection gets on the phone, etc. We had a network outage

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
- Original Message - From: "Brielle Bruns" <br...@2mbit.com> To: nanog@nanog.org Sent: Tuesday, September 27, 2016 10:46:39 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On 9/27/16 9:35 AM, Roland Dobbins wrote: > On 27 Sep 2016

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote: > > Why not? You call a washing machine mechanic when the washing > machine plays up. This is not conceptually different. Mark, Your logic is infallible here, but the equivalencies are not. If I drive on the road and it’s

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
, 2016 9:48:24 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On 9/26/16 10:05 PM, Roland Dobbins wrote: > +1 for this capability in CPE. > > OTOH, it will be of no use whatsoever to the user. Providing the user > with access to anom

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Eygene Ryabinkin
Sun, Sep 25, 2016 at 05:57:42PM -0400, Patrick W. Gilmore wrote: > Remember University of Wisconsin vs. D-Link and their hard-coded > NTP server address? UW vs Netgear and Poul-Henning Kamp vs D-Link, both on NTP stuff? -- Eygene Ryabinkin, National Research Centre "Kurchatov Institute" Always

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 11:18 AM, Brielle Bruns wrote: On 9/27/16 10:05 AM, Roland Dobbins wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 10:05 AM, Roland Dobbins wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their customers. They can *see* the unruly

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Dale W. Carder
Thus spake Patrick W. Gilmore (patr...@ianai.net) on Sun, Sep 25, 2016 at 05:57:42PM -0400: > On Sep 25, 2016, at 5:50 PM, ryan landry wrote: > > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: > > >> This is such a golden opportunity for each of you

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Peter Beckman
On Tue, 27 Sep 2016, Brielle Bruns wrote: I don't see how this is a problem exactly? If people want to buy devices that connect to their home network, they need to be aware of what these devices can do, and it is their responsibility. I understand that is what you want. What you might

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Keith Stokes
Assuming all devices are vulnerable isn't a bad start. -- Keith Stokes > On Sep 27, 2016, at 11:04 AM, Roland Dobbins wrote: > >> On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: >> >> All the more reason to educate people TODAY on why having vulnerable devices >> is

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:49, Florian Weimer wrote: Most people over here have at least two providers of water and Internet (although the second one is perhaps sufficient for brushing your teeth, but certainly not for a shower or a bath). That's not a common arrangement in much of the world,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Patrick W. Gilmore
On Sep 27, 2016, at 11:49 AM, Roland Dobbins wrote: > On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: >> All the more reason to educate people TODAY on why having vulnerable devices >> is a Very Bad Idea. > > Yes, but how do they determine that a given device is

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:46, Brielle Bruns wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their customers. They can *see* the

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: All the more reason to educate people TODAY on why having vulnerable devices is a Very Bad Idea. Yes, but how do they determine that a given device is vulnerable? --- Roland Dobbins

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Roland Dobbins: > On 27 Sep 2016, at 12:17, Sam Silvester wrote: > >> or call their electricity retailer/distributer > > This is the problematic case that is, unfortunately, the default. > > People tend to view anything related to 'the Internet' as a utility, > and for consumers and SMBs, they

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 9:35 AM, Roland Dobbins wrote: On 27 Sep 2016, at 21:48, Brielle Bruns wrote: You start cutting off users or putting them into a walled garden until they fix their machines, and they will start caring. It's important to keep in mind that in the not-so-distant future, their

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Alan Buxey
hi, >From: NANOG <nanog-boun...@nanog.org> on behalf of Mike Hammett ><na...@ics-il.net> >Sent: 27 September 2016 16:30 >Cc: nanog@nanog.org >Subject: Re: Krebs on Security booted off Akamai network after DDoS attack >proves pricey > >You must not support e

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 12:17, Sam Silvester wrote: or call their electricity retailer/distributer This is the problematic case that is, unfortunately, the default. People tend to view anything related to 'the Internet' as a utility, and for consumers and SMBs, they typically have a single

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Patrick W. Gilmore
On Sep 27, 2016, at 11:35 AM, Roland Dobbins wrote: > On 27 Sep 2016, at 21:48, Brielle Bruns wrote: >> You start cutting off users or putting them into a walled garden until they >> fix their machines, and they will start caring. > > It's important to keep in mind that in

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 21:48, Brielle Bruns wrote: You start cutting off users or putting them into a walled garden until they fix their machines, and they will start caring. It's important to keep in mind that in the not-so-distant future, their 'machines' will include every article of clothing

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
t> Cc: nanog@nanog.org Sent: Monday, September 26, 2016 11:43:36 PM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey In message <b796c128-afdf-45a1-b5af-c29bff06e...@arbor.net>, Roland Dobbins writes: > > On 27 Sep 2016, at 6:58, Christop

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Sam Silvester
On Tue, Sep 27, 2016 at 1:35 PM, Roland Dobbins wrote: > It all comes down to the network operator, one way or another. There's > no separation in the public mind of 'my network' from 'the Internet' that > is analogous to the separation between 'the power company' and 'the

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/26/16 10:05 PM, Roland Dobbins wrote: +1 for this capability in CPE. OTOH, it will be of no use whatsoever to the user. Providing the user with access to anomalous traffic feeds won't help, either. Users aren't going to call in some third-party service/support company, either. You

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 26, 2016, at 7:58 PM, Christopher Morrow > wrote: > > On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote: > >> >> Giving them real time access to the anomalous traffic log feed for >> their residence would also help. They or the specialist

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Eliot Lear
On 9/27/16 1:19 PM, Florian Weimer wrote: > * Eliot Lear: > >> As some on this thread know, I've been working with the folks who make >> light bulbs and switches. They fit a certain class of device that is >> not general purpose, but rather are specific in nature. For those >> devices it is

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Eliot Lear: > As some on this thread know, I've been working with the folks who make > light bulbs and switches. They fit a certain class of device that is > not general purpose, but rather are specific in nature. For those > devices it is possible for the manufacturers to inform the network

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Mark Andrews: > Dear customer, >we are seeing traffic coming from your network. > > If you need help isolating the source of the traffic here are a few > companies in your city that can help you. > > > > This is not an exhaustive list. > > Support We already had the problem in

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Eliot Lear
John, On 9/27/16 2:13 AM, John R. Levine wrote: >> Therein lies the problem if the traffic does not look anomalous I >> suppose. But even if it does look unusual, ISPs would be asking >> consumers to trash/update/turn off a lot of devices in time – like >> when every home has 10s or 100s of these

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 12:31, Jason Hofmann wrote: It probably was a tough sell to get people to realize they were fully responsible for their in-home wiring, but optional "inside wire maintenance plans" made that clear while also adding to providers' coffers. Perhaps something similar would

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 12:14, Mark Andrews wrote: I'm yet to see a set top box, DVR, TV, games console, phone, etc. that didn't require selecting the WiFi SSID or require you to plug in an ethernet cable. I've 'seen' tens of millions of them, worldwide. You're generalizing your particular

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message , Roland Dobbins writes: > On 27 Sep 2016, at 11:43, Mark Andrews wrote: > > > Why not? You call a washing machine mechanic when the washing machine > > plays up. This is not conceptually different. > > Washing machines aren't a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 11:43, Mark Andrews wrote: Why not? You call a washing machine mechanic when the washing machine plays up. This is not conceptually different. Washing machines aren't a utility. Internet is viewed as a utility. Actually I don't believe that. They do know what machines

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message , Roland Dobbins writes: > > On 27 Sep 2016, at 6:58, Christopher Morrow wrote: > > > wouldn't something as simple as netflow/sflow/ipfix synthesized on the > > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 6:58, Christopher Morrow wrote: wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE and kept for ~30mins (just guessing) in a circular buffer be 'good enough' to present a pretty clear UI to the user? +1 for this capability in CPE. OTOH, it will be

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John R. Levine
Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to trash/update/turn off a lot of devices in time – like when every home has 10s or 100s of these devices. ISP: Dear customer, looks like one of your

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Christopher Morrow
On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote: > > Giving them real time access to the anomalous traffic log feed for > their residence would also help. They or the specialist they bring > in will be able to use that to trace back the problem. > > wouldn't this work better

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <20160926234142.6e7705515...@rock.dv.isc.org>, Mark Andrews writes: > > In message <03dc1038-024a-4d9f-ac5b-3e88cdf56...@cable.comcast.com>, > "Livingood, Jason" writes: > > On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" > ma...@isc.org> wrote: > > > A good ISP would be

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <03dc1038-024a-4d9f-ac5b-3e88cdf56...@cable.comcast.com>, "Livingood, Jason" writes: > On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" ma...@isc.org> wrote: > > A good ISP would be informing their customers that they are seeing > anomalous traffic. > > Therein lies the problem

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Livingood, Jason
On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" wrote: > A good ISP would be informing their customers that they are seeing anomalous > traffic. Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Livingood, Jason
On 9/25/16, 5:57 PM, "NANOG on behalf of Patrick W. Gilmore" wrote: > Yeah, ‘cause that was so successful in the past. > Remember University of Wisconsin vs. D-Link and their hard-coded NTP server > address? Ha! Yeah, an oldie but a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <20160926155649.14061.qm...@ary.lan>, "John Levine" writes: > >>That paper is about reflection attacks. From what I've read, this was > >>not a reflection attack. The IoT devices are infected with botware > >>which sends attack traffic directly. Address spoofing is not

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Levine
>>That paper is about reflection attacks. From what I've read, this was >>not a reflection attack. The IoT devices are infected with botware >>which sends attack traffic directly. Address spoofing is not particularly >>useful for controlling botnets. > >But that's not only remaining use of

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Royce Williams
On Mon, Sep 26, 2016 at 7:23 AM, Mark Milhollan wrote: > > On Sun, 25 Sep 2016, Stephen Satchell wrote: > > >Yeah, right. I looked at BCP38.info, and there is very little concrete > >information. > > Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Milhollan
On Sun, 25 Sep 2016, Stephen Satchell wrote: >Yeah, right. I looked at BCP38.info, and there is very little concrete >information. Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as has been pointed out in this thread there needs to be the will to spend resources

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Kristoff
On Sun, 25 Sep 2016 22:59:15 + Stephen Satchell wrote: > In short, I have yet to see a "cookbook" for BGP38 filtering, for ANY > filtering system -- BSD, Linux, Cisco. There is some here for integrating Team Cymru's bogon BGP service into various router platforms:

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-26 Thread Vincent Bernat
❦ 26 September 2016 09:14 CEST, valdis.kletni...@vt.edu : >> Linux: >> From /etc/sysctl.conf: >> >> # Uncomment the next two lines to enable Spoof protection (reverse-path >> # filter) >> # Turn on Source Address Verification in all interfaces to >> # prevent some spoofing attacks >>

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-26 Thread Valdis . Kletnieks
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said: > Linux: > From /etc/sysctl.conf: > > # Uncomment the next two lines to enable Spoof protection (reverse-path > # filter) > # Turn on Source Address Verification in all interfaces to > # prevent some spoofing attacks >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Eliot Lear
Hi Ryan, On 9/25/16 11:50 PM, ryan landry wrote: > for isp's it's a resourcing vs revenue problem. always has been. Sure. The question is whether IoT can make a change in consumer attitudes. Riek, Bohme, et al have been working on this [1]. And there is earlier work as well. What that

BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-25 Thread Hugo Slabbert
On Sun 2016-Sep-25 15:59:15 -0700, Stephen Satchell wrote: On 09/25/2016 07:32 AM, Jay R. Ashworth wrote: From: "Jay Farrell via NANOG" And of course Brian Krebs has a thing or two to say, not the least of which to push for BCP38 (good luck with that,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Hugo Slabbert
On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine wrote: https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this. That paper is about reflection attacks. From what I've

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
It’s safe to ignore the silent minority that cannot really tell what is happening in most cases, but that doesn’t mean it “works” for any standard I would consider valid. Huh. So you're saying Bill Woodcock doesn't have the skills to see how his traffic is failing? Regards, John Levine,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Owen DeLong
Assuming all transit providers your packets may traverse on the way to all of your customers is the kind of thing that leads to me quoting Mr. Bush… “I encourage my competitors to try this.” Owen > On Sep 25, 2016, at 6:32 PM, Mark Andrews wrote: > > > In message

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mark Andrews
In message , Owen DeLong writes: > > > On Sep 24, 2016, at 8:47 AM, John Levine wrote: > > > >>> Well...by anycast, I meant BGP anycast, spreading the "target" > >>> geographically to a dozen or more well connected/peered origins.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Owen DeLong
> On Sep 24, 2016, at 8:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Stephen Satchell
On 09/25/2016 07:32 AM, Jay R. Ashworth wrote: From: "Jay Farrell via NANOG" > And of course Brian Krebs has a thing or two to say, not the least of which > to push for BCP38 (good luck with that, right?). > >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Nick Hilliard
Baldur Norddahl wrote: > The sad thing is that if we boot out grandma they will just switch to one > of our competitors and the TV will still be a bot. You can't win. Good thing the smart TV / other IoT manufacturers have taken the responsible approach and have committed to providing lifetime

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Baldur Norddahl
> i wish you luck with that. explaining to grandma that her samsung smart tv > has been rooted and needs to be updated should be good fun. The sad thing is that if we boot out grandma they will just switch to one of our competitors and the TV will still be a bot. You can't win.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Patrick W. Gilmore
On Sep 25, 2016, at 5:50 PM, ryan landry wrote: > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: >> This is such a golden opportunity for each of you to find compromised >> hosts on your network or your customer's network. The number of >> genuine

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread ryan landry
On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: > > This is such a golden opportunity for each of you to find compromised > hosts on your network or your customer's network. The number of > genuine lookups of the blog vs the number of botted machine would > make it almost

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mark Andrews
This is such a golden opportunity for each of you to find compromised hosts on your network or your customer's network. The number of genuine lookups of the blog vs the number of botted machine would make it almost certain that anything directed at the blog is a compromised machine. A phone

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this. That paper is about reflection attacks. From what I've read, this was not a reflection attack. The IoT devices are infected with

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Alexander Lyamin
This time around it's not about spoofing. I presume this is a development of the same botnet/worm that we saw on day 2 of the Shellshock public disclosure - it was pretty high-tech - golang, arm/mips/x86 support, multiple attack vectors - including (surprisingly) very effective password guessing. It

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Brandon Butterworth
> From deles...@gmail.com Sun Sep 25 20:26:56 2016 > Sorry you don't understand how multinational companies and > peering agreements work Right, thanks for letting me know. > nor any of the relationships my past networks would have had with akamai I don't care what yours were in the past, if

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread jim deleskie
without all aspects being taken into play -jim Original Message From:bran...@rd.bbc.co.uk Sent:September 25, 2016 3:16 PM To:cb.li...@gmail.com; deles...@gmail.com Cc:nanog@nanog.org; j...@aharp.iorc.depaul.edu Subject:Re: Krebs on Security booted off Akamai network after DDoS attack proves

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Brandon Butterworth
> From: jim deleskie > Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and > medium sized networks. What does it cost and what do we make doing it, > overrules what is "good for the internet" every time it came up. "nice network you have there, shame

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Chris Woodfield
> On Sep 24, 2016, at 7:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Eliot Lear
Has anyone stopped to consider what a gift these hackers gave all of us? They exposed their capabilities and nobody got hurt. We all had a notion as to what sort of attacks were possible in theory. Now we have reality. Business being what it is, customers may not be interested in others'

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, jim deleskie wrote: > Sorry but you are mistaken. I've worked at Sr. levels for several LARGE > and medium sized networks. > > mazel tov > > What does it cost and what do we make doing it, overrules what is "good > for the internet" every

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread jim deleskie
Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and medium sized networks. What does it cost and what do we make doing it, overrules what is "good for the internet" every time it came up. On Sun, Sep 25, 2016 at 2:27 PM, Ca By wrote: > On Sunday,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, John Levine wrote: > >> Yeh, bcp38 is not a viable solution. > > Krebs said this DDoS came from insecure IoT devices, of which there > are a kazillion, with the numbers growing every day. Why would they > need to spoof IPs? How would BCP38 help? >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, John Kristoff wrote: > On Sun, 25 Sep 2016 14:36:18 + > Ca By > wrote: > > > As long as there is one spoof capable network on the net, the problem > will > > not be solved. > > This is not strictly true. If it

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Levine
>> Yeh, bcp38 is not a viable solution. Krebs said this DDoS came from insecure IoT devices, of which there are a kazillion, with the numbers growing every day. Why would they need to spoof IPs? How would BCP38 help? R's, John

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Kristoff
On Sun, 25 Sep 2016 14:36:18 + Ca By wrote: > As long as there is one spoof capable network on the net, the problem will > not be solved. This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mike Hammett
-ix.com - Original Message - From: "Ca By" <cb.li...@gmail.com> To: "Jay R. Ashworth" <j...@baylink.com> Cc: "North American Network Operators' Group" <nanog@nanog.org> Sent: Sunday, September 25, 2016 10:13:24 AM Subject: Re: Krebs on Secu

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, Jay R. Ashworth wrote: > - Original Message - > > From: "Ca By" > > > > On Sunday, September 25, 2016, Jay Farrell via NANOG > > > wrote: > > > >> And of course Brian Krebs

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay R. Ashworth
- Original Message - > From: "Ca By" > On Sunday, September 25, 2016, Jay Farrell via NANOG > wrote: > >> And of course Brian Krebs has a thing or two to say, not the least of which >> to push for BCP38 (good luck with that, right?). >> >>

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mike Hammett
<jay...@jayfar.com> Cc: "North American Network Operators' Group" <nanog@nanog.org> Sent: Sunday, September 25, 2016 9:36:18 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On Sunday, September 25, 2016, Jay Farrell via NANOG

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, Jay Farrell via NANOG wrote: > And of course Brian Krebs has a thing or two to say, not the least of which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ > > Yeh, bcp38

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay R. Ashworth
- Original Message - > From: "Jay Farrell via NANOG" > And of course Brian Krebs has a thing or two to say, not the least of which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ Well, given

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay Farrell via NANOG
And of course Brian Krebs has a thing or two to say, not the least of which to push for BCP38 (good luck with that, right?). https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth wrote: > - Original

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Ca By
On Saturday, September 24, 2016, Justin Paine via NANOG wrote: > > DNS Results for query A krebsonsecurity.com Answer: krebsonsecurity.com 157 > IN A 130.211.45.45 > > On Google now. > > Next question. Will google use the information from the telemetry, rumored to be webcams, to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Jay Farrell via NANOG
And of course on windows ipconfig /flushdns Still I had to wait for my corporate caching servers to update; I think the TTL on the old A record was an hour. On Sat, Sep 24, 2016 at 9:51 PM, Jared Mauch wrote: > > > On Sep 24, 2016, at 9:28 PM, Justin Paine via NANOG

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Jared Mauch
> On Sep 24, 2016, at 9:28 PM, Justin Paine via NANOG wrote: > > > DNS Results for query A krebsonsecurity.com Answer: krebsonsecurity.com 157 IN > A 130.211.45.45 I recommend running this command (or similar): rndc flushname krebsonsecurity.com if you still see 127.0.0.1

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Justin Paine via NANOG
DNS Results for query A krebsonsecurity.com Answer: krebsonsecurity.com 157 IN A 130.211.45.45 On Google now. Justin Paine Head of Trust & Safety CloudFlare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 711557B6 0114 DE0B 314D On Sat, Sep 24, 2016 at 2:17 PM -0700, "Brett Watson"

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Brett Watson
>> > that's not the one I was thinking of, this is: > > > which references your presentation, nice! and is about J-root, not K-root, > but mentions Lorenzo's work on K-root studies... In anycase, both seem to > say that 'tcp

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Christopher Morrow
On Sat, Sep 24, 2016 at 2:43 PM, Niels Bakker

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Niels Bakker
* morrowc.li...@gmail.com (Christopher Morrow) [Sat 24 Sep 2016, 18:55 CEST]: boy, it'd sure be nice if there were some 'science' and 'measurement' behind such statements. Didn't k-root do some anycast studies ~8-10 years back? Not k-root but CacheFly 2006:

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Christopher Morrow
On Sat, Sep 24, 2016 at 12:28 PM, Bill Woodcock wrote: > > > On Sep 24, 2016, at 7:47 AM, John Levine wrote: > > > >>> Well...by anycast, I meant BGP anycast, spreading the "target" > >>> geographically to a dozen or more well connected/peered origins. At > that

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Bill Woodcock
> On Sep 24, 2016, at 7:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread John Levine
>> Well...by anycast, I meant BGP anycast, spreading the "target" >> geographically to a dozen or more well connected/peered origins. At that >> point, your ~600G DDoS might only be around > >anycast and tcp? the heck you say! :) People who've tried it say it works fine. Routes don't flap that

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-23 Thread Christopher Morrow
On Fri, Sep 23, 2016 at 10:13 PM, Jon Lewis wrote: > On Fri, 23 Sep 2016, Christopher Morrow wrote: > > On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: >> >> On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: >>> >>> Is CloudFlare able to filter Layer 7 these

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-23 Thread Jon Lewis
On Fri, 23 Sep 2016, Christopher Morrow wrote: On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not able to do that. There have been
