nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Mark Andrews <marka () isc org>
Date: Tue, 27 Sep 2016 09:49:39 +1000


In message <20160926234142.6E7705515473 () rock dv isc org>, Mark Andrews writes:

In message <03DC1038-024A-4D9F-AC5B-3E88CDF56246 () cable comcast com>, "Livingood, Jason" writes:
On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" <on behalf of
marka () isc org> wrote:
A good ISP would be informing their customers that they are seeing
anomalous traffic.

Therein lies the problem if the traffic does not look anomalous I
suppose. But even if it does look unusual, ISPs would be asking consumers
to trash/update/turn off a lot of devices in time, like when every home
has 10s or 100s of these devices.
ISP: Dear customer, looks like one of your light switches is sending spam.
Customer: Which one? I have 25 light switches. And 25 smart bulbs. And 3
smart TVs, and 3 smart thermostats, and 6 cameras, and

;-)

Jason


Dear customer,
       we are seeing <xxxx> traffic coming from your network.

If you need help isolating the source of the traffic here are a few
companies in your city that can help you.

      <list of companies>

This is not an exhaustive list.

Support

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

Giving them real time access to the anomalous traffic log feed for
their residence would also help.  They or the specialist they bring
in will be able to use that to trace back the problem.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

