Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

[Mark Andrews <marka () isc org>]

In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B () arbor net>, Roland Dobbins wri
tes:
> On 27 Sep 2016, at 6:58, Christopher Morrow wrote:
>
> > wouldn't something as simple as netflow/sflow/ipfix synthesized on the 
> > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good 
> > enough' to present a pretty clear UI to the user?
>
> +1 for this capability in CPE.
>
> OTOH, it will be of no use whatsoever to the user.  Providing the user 
> with access to anomalous traffic feeds won't help, either.
>
> Users aren't going to call in some third-party service/support company, 
> either.

Why not?  You call a washing machine mechanic when the washing
machine plays up.  This is not conceptually different. 

> It call comes down to the network operator, one way or another.  There's 
> no separation in the public mind of 'my network' from 'the Internet' 
> that is analogous to the separation between 'the power company' and 'the 
> electrical wiring in my house/apartment' (and even in that space, the 
> conceptual separation often isn't present).

Actually I don't believe that.  They do know what machines they
have have connected to their home network.  Boxes don't magically
connect.  Every machine was explictly connected.

Mark

> -----------------------------------
> Roland Dobbins <rdobbins () arbor net>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org