Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-10-09 Thread Large Hadron Collider
Sorry Florian. Meant to put it to list. On 2016-10-09 12:25 PM, Large Hadron Collider wrote: On 2016-10-09 04:20 AM, Florian Weimer wrote: * Eliot Lear: Not my end goal. My end goal is that consumers have a means to limit risk in their home environments, and service providers have a means

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-10-09 Thread Florian Weimer
* Eliot Lear: > Not my end goal. My end goal is that consumers have a means to limit > risk in their home environments, and service providers have a means to > deliver that to them. They already have, with today's technology. It's just not a mass-market business. Consumers either have to educa

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Stephen Satchell
On 09/28/2016 12:33 AM, Eliot Lear wrote: It's not just consumers that need to understand this. Manufacturers of Things are right now on a steep learning curve. Consider that thermostat, for just a moment. In The Good Old Days, before it had a network interface, the manufacturer cared about a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-28 Thread Eliot Lear
It's not just consumers that need to understand this. Manufacturers of Things are right now on a steep learning curve. Consider that thermostat, for just a moment. In The Good Old Days, before it had a network interface, the manufacturer cared about a handful of things like at what temperature t

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Alexander Maassen
Cc: nanog@nanog.org Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine wrote: >>https://www.internetsociety.org/sites/default/files/01_5.pdf >> >>The attack is triggered by a few spoofs s

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 28 Sep 2016, at 0:18, Brielle Bruns wrote: > I call shenanigans on providers not seeing their unruly users. I was talking about the users, not the ISPs. --- Roland Dobbins

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mark Andrews
In message , Jared Mauch writes: > > > On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote: > > > > Why not? You call a washing machine mechanic when the washing > > machine plays up. This is not conceptually different. > > Mark, > > Your logic is infallible here, but the equivalencies are not.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 27, 2016, at 10:48 AM, Brielle Bruns wrote: > > You start cutting off users or putting them into a walled garden until they > fix their machines, and they will start caring. Wait until the user who claims perfection gets on the phone, etc. We had a network outage that caused a custom

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
x.com - Original Message - From: "Brielle Bruns" To: nanog@nanog.org Sent: Tuesday, September 27, 2016 10:46:39 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On 9/27/16 9:35 AM, Roland Dobbins wrote: > On 27 Sep 2016, at 21:48, B

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote: > > Why not? You call a washing machine mechanic when the washing > machine plays up. This is not conceptually different. Mark, Your logic is infallible here, but the equivalencies are not. If I drive on the road and it’s bumpy, I would c

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On 9/26/16 10:05 PM, Roland Dobbins wrote: > +1 for this capability in CPE. > > OTOH, it will be of no use whatsoever to the user. Providing the user > with access to anomalous traffic feeds won't

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Eygene Ryabinkin
Sun, Sep 25, 2016 at 05:57:42PM -0400, Patrick W. Gilmore wrote: > Remember University of Wisconsin vs. D-Link and their hard-coded > NTP server address? UW vs Netgear and Poul-Henning Kamp vs D-Link, both on NTP stuff? -- Eygene Ryabinkin, National Research Centre "Kurchatov Institute" Always c

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 11:18 AM, Brielle Bruns wrote: On 9/27/16 10:05 AM, Roland Dobbins wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their c

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 10:05 AM, Roland Dobbins wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their customers. They can *see* the unruly child

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Dale W. Carder
Thus spake Patrick W. Gilmore (patr...@ianai.net) on Sun, Sep 25, 2016 at 05:57:42PM -0400: > On Sep 25, 2016, at 5:50 PM, ryan landry wrote: > > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: > > >> This is such a golden opportunity for each of you to find compromised > >> hosts on your

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Peter Beckman
On Tue, 27 Sep 2016, Brielle Bruns wrote: I don't see how this is a problem exactly? If people want to buy devices that connect to their home network, they need to be aware of what these devices can do, and it is their responsibility. I understand that is what you want. What you might like.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Keith Stokes
Assuming all devices are vulnerable isn't a bad start. -- Keith Stokes > On Sep 27, 2016, at 11:04 AM, Roland Dobbins wrote: > >> On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: >> >> All the more reason to educate people TODAY on why having vulnerable devices >> is a Very Bad Idea. > >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:49, Florian Weimer wrote: Most people over here have at least two providers of water and Internet (although the second one is perhaps sufficient for brushing your teeth, but certainly not for a shower or a bath). That's not a common arrangement in much of the world, how

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Patrick W. Gilmore
On Sep 27, 2016, at 11:49 AM, Roland Dobbins wrote: > On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: >> All the more reason to educate people TODAY on why having vulnerable devices >> is a Very Bad Idea. > > Yes, but how do they determine that a given device is vulnerable? Easy: Can you

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:46, Brielle Bruns wrote: I point to the current trend of parents watching and smiling, doing nothing as their kids destroy people's stores and restaurants. ISPs are literally doing the exact same thing when it comes to coddling their customers. They can *see* the unru

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote: All the more reason to educate people TODAY on why having vulnerable devices is a Very Bad Idea. Yes, but how do they determine that a given device is vulnerable? --- Roland Dobbins

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Roland Dobbins: > On 27 Sep 2016, at 12:17, Sam Silvester wrote: > >> or call their electricity retailer/distributer > > This is the problematic case that is, unfortunately, the default. > > People tend to view anything related to 'the Internet' as a utility, > and for consumers and SMBs, they t

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/27/16 9:35 AM, Roland Dobbins wrote: On 27 Sep 2016, at 21:48, Brielle Bruns wrote: You start cutting off users or putting them into a walled garden until they fix their machines, and they will start caring. It's important to keep in mind that in the not-so-distant future, their 'machine

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Alan Buxey
hi, >From: NANOG on behalf of Mike Hammett > >Sent: 27 September 2016 16:30 >Cc: nanog@nanog.org >Subject: Re: Krebs on Security booted off Akamai network after DDoS attack >proves pricey > >You must not support end users. haha...i read that wrong. I read it as a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 12:17, Sam Silvester wrote: or call their electricity retailer/distributer This is the problematic case that is, unfortunately, the default. People tend to view anything related to 'the Internet' as a utility, and for consumers and SMBs, they typically have a single provid

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Patrick W. Gilmore
On Sep 27, 2016, at 11:35 AM, Roland Dobbins wrote: > On 27 Sep 2016, at 21:48, Brielle Bruns wrote: >> You start cutting off users or putting them into a walled garden until they >> fix their machines, and they will start caring. > > It's important to keep in mind that in the not-so-distant f

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Roland Dobbins
On 27 Sep 2016, at 21:48, Brielle Bruns wrote: You start cutting off users or putting them into a walled garden until they fix their machines, and they will start caring. It's important to keep in mind that in the not-so-distant future, their 'machines' will include every article of clothing

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Mike Hammett
26, 2016 11:43:36 PM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey In message , Roland Dobbins writes: > > On 27 Sep 2016, at 6:58, Christopher Morrow wrote: > > > wouldn't something as simple as netflow/sflow/ipfix synthesi

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Sam Silvester
On Tue, Sep 27, 2016 at 1:35 PM, Roland Dobbins wrote: > It all comes down to the network operator, one way or another. There's > no separation in the public mind of 'my network' from 'the Internet' that > is analogous to the separation between 'the power company' and 'the > electrical wiring i

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Brielle Bruns
On 9/26/16 10:05 PM, Roland Dobbins wrote: +1 for this capability in CPE. OTOH, it will be of no use whatsoever to the user. Providing the user with access to anomalous traffic feeds won't help, either. Users aren't going to call in some third-party service/support company, either. You start

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Jared Mauch
> On Sep 26, 2016, at 7:58 PM, Christopher Morrow > wrote: > > On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote: > >> >> Giving them real time access to the anomalous traffic log feed for >> their residence would also help. They or the specialist they bring >> in will be able to use that

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Eliot Lear
On 9/27/16 1:19 PM, Florian Weimer wrote: > * Eliot Lear: > >> As some on this thread know, I've been working with the folks who make >> light bulbs and switches. They fit a certain class of device that is >> not general purpose, but rather are specific in nature. For those >> devices it is pos

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Eliot Lear: > As some on this thread know, I've been working with the folks who make > light bulbs and switches. They fit a certain class of device that is > not general purpose, but rather are specific in nature. For those > devices it is possible for the manufacturers to inform the network w

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Florian Weimer
* Mark Andrews: > Dear customer, >we are seeing traffic coming from your network. > > If you need help isolating the source of the traffic here are a few > companies in your city that can help you. > > > > This is not a exhaustive list. > > Support We already had the problem in th

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Eliot Lear
John, On 9/27/16 2:13 AM, John R. Levine wrote: >> Therein lies the problem if the traffic does not look anomalous I >> suppose. But even if it does look unusual, ISPs would be asking >> consumers to trash/update/turn off a lot of devices in time – like >> when every home has 10s or 100s of these

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 12:31, Jason Hofmann wrote: It probably was a tough sell to get people to realize they were fully responsible for their in-home wiring, but optional "inside wire maintenance plans" made that clear while also adding to providers' coffers. Perhaps something similar would work

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 12:14, Mark Andrews wrote: I'm yet to see a set top box, DVR, TV, games console, phone, etc. that didn't require selecting the WiFi SSID or require you to plug in a ethernet cable. I've 'seen' tens of millions of them, worldwide. You're generalizing your particular connect

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message , Roland Dobbins writes: > On 27 Sep 2016, at 11:43, Mark Andrews wrote: > > > Why not? You call a washing machine mechanic when the washing machine > > plays up. This is not conceptually different. > > Washing machines aren't a utility. Internet is viewed as a utility. > > > Ac

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 11:43, Mark Andrews wrote: Why not? You call a washing machine mechanic when the washing machine plays up. This is not conceptually different. Washing machines aren't a utility. Internet is viewed as a utility. Actually I don't believe that. They do know what machines t

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message , Roland Dobbins writes: > > On 27 Sep 2016, at 6:58, Christopher Morrow wrote: > > > wouldn't something as simple as netflow/sflow/ipfix synthesized on the > > CPE and kept for ~30mins (just guessing) in a circular buffer be 'good > > enough' to present a pretty clear UI to the us

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Roland Dobbins
On 27 Sep 2016, at 6:58, Christopher Morrow wrote: wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE and kept for ~30mins (just guessing) in a circular buffer be 'good enough' to present a pretty clear UI to the user? +1 for this capability in CPE. OTOH, it will be

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message , Christopher Morrow writes: > On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote: > > > > > Giving them real time access to the anomalous traffic log feed for > > their residence would also help. They or the specialist they bring > > in will be able to use that to trace back the

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John R. Levine
Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to trash/update/turn off a lot of devices in time – like when every home has 10s or 100s of these devices. ISP: Dear customer, looks like one of your light

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Christopher Morrow
On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote: > > Giving them real time access to the anomalous traffic log feed for > their residence would also help. They or the specialist they bring > in will be able to use that to trace back the problem. > > wouldn't this work better as a standard bi

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <20160926234142.6e7705515...@rock.dv.isc.org>, Mark Andrews writes: > > In message <03dc1038-024a-4d9f-ac5b-3e88cdf56...@cable.comcast.com>, > "Livingood, Jason" writes: > > On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" > ma...@isc.org> wrote: > > > A good ISP would be infor

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <03dc1038-024a-4d9f-ac5b-3e88cdf56...@cable.comcast.com>, "Livingood, Jason" writes: > On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" ma...@isc.org> wrote: > > A good ISP would be informing their customers that they are seeing > anomalous traffic. > > Therein lies the problem

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Livingood, Jason
On 9/26/16, 7:09 PM, "NANOG on behalf of Mark Andrews" wrote: > A good ISP would be informing their customers that they are seeing anomalous > traffic. Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Livingood, Jason
On 9/25/16, 5:57 PM, "NANOG on behalf of Patrick W. Gilmore" wrote: > Yeah, ‘cause that was so successful in the past. > Remember University of Wisconsin vs. D-Link and their hard-coded NTP server > address? Ha! Yeah, an oldie but a goodie. Anyway, maybe this time will be different? (I’m an o

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Andrews
In message <20160926155649.14061.qm...@ary.lan>, "John Levine" writes: > >>That paper is about reflection attacks. From what I've read, this was > >>not a reflection attack. The IoT devices are infected with botware > >>which sends attack traffic directly. Address spoofing is not particularly

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Levine
>>That paper is about reflection attacks. From what I've read, this was >>not a reflection attack. The IoT devices are infected with botware >>which sends attack traffic directly. Address spoofing is not particularly >>useful for controlling botnets. > >But that's not only remaining use of

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Royce Williams
On Mon, Sep 26, 2016 at 7:23 AM, Mark Milhollan wrote: > > On Sun, 25 Sep 2016, Stephen Satchell wrote: > > >Yeah, right. I looked at BCP38.info, and there is very little concrete > >information. > > Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as > has been pointed out i

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Mark Milhollan
On Sun, 25 Sep 2016, Stephen Satchell wrote: >Yeah, right. I looked at BCP38.info, and there is very little concrete >information. Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as has been pointed out in this thread there needs to be the will to spend resources settin

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John Kristoff
On Sun, 25 Sep 2016 22:59:15 + Stephen Satchell wrote: > In short, I have yet to see a "cookbook" for BCP38 filtering, for ANY > filtering system -- BSD, Linux, Cisco. There is some here for integrating Team Cymru's bogon BGP service into various router platforms:

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-26 Thread Vincent Bernat
❦ 26 September 2016 09:14 CEST, valdis.kletni...@vt.edu : >> Linux: >> From /etc/sysctl.conf: >> >> # Uncomment the next two lines to enable Spoof protection (reverse-path >> # filter) >> # Turn on Source Address Verification in all interfaces to >> # prevent some spoofing attacks >> net.ipv4.

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-26 Thread Valdis . Kletnieks
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said: > Linux: > From /etc/sysctl.conf: > > # Uncomment the next two lines to enable Spoof protection (reverse-path > # filter) > # Turn on Source Address Verification in all interfaces to > # prevent some spoofing attacks > net.ipv4.conf.defaul

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Eliot Lear
Hi Ryan, On 9/25/16 11:50 PM, ryan landry wrote: > for isp's it's a resourcing vs revenue problem. always has been. Sure. The question is whether IoT can make a change in consumer attitudes. Riek, Bohme, et al have been working on this [1]. And there is earlier work as well. What that earl

BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-25 Thread Hugo Slabbert
On Sun 2016-Sep-25 15:59:15 -0700, Stephen Satchell wrote: On 09/25/2016 07:32 AM, Jay R. Ashworth wrote: From: "Jay Farrell via NANOG" And of course Brian Krebs has a thing or two to say, not the least is which to push for BCP38 (good luck with that, right?). https://krebsonsecurity.com/2

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Hugo Slabbert
On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine wrote: https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this. That paper is about reflection attacks. From what I've read, this was not

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
It’s safe to ignore the silent minority that cannot really tell what is happening in most cases, but that doesn’t mean it “works” for any standard I would consider valid. Huh. So you're saying Bill Woodcock doesn't have the skills to see how his traffic is failing? Regards, John Levine, jo

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Owen DeLong
Assuming all transit providers your packets may traverse on the way to all of your customers is the kind of thing that leads to me quoting Mr. Bush… “I encourage my competitors to try this.” Owen > On Sep 25, 2016, at 6:32 PM, Mark Andrews wrote: > > > In message , Owen DeLong > writes: >>

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mark Andrews
In message , Owen DeLong writes: > > > On Sep 24, 2016, at 8:47 AM, John Levine wrote: > > > >>> Well...by anycast, I meant BGP anycast, spreading the "target" > >>> geographically to a dozen or more well connected/peered origins. At > that > >>> point, your ~600G DDoS might only be around > >>

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Owen DeLong
> On Sep 24, 2016, at 8:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck you say! :) > > P

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Stephen Satchell
On 09/25/2016 07:32 AM, Jay R. Ashworth wrote: From: "Jay Farrell via NANOG" > And of course Brian Krebs has a thing or two to say, not the least is which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ Well, given ho

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Nick Hilliard
Baldur Norddahl wrote: > The sad thing is that if we boot out grandma they will just switch to one > of our competitors and the TV will still be a bot. You can't win. Good thing the smart TV / other IoT manufacturers have taken the responsible approach and have committed to providing lifetime softwa

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Baldur Norddahl
> i wish you luck with that. explaining to grandma that her samsung smart tv > has been rooted and needs to be updated should be good fun. The sad thing is that if we boot out grandma they will just switch to one of our competitors and the TV will still be a bot. You can't win.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Patrick W. Gilmore
On Sep 25, 2016, at 5:50 PM, ryan landry wrote: > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: >> This is such a golden opportunity for each of you to find compromised >> hosts on your network or your customer's network. The number of >> genuine lookups of the blog vs the number of bott

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread ryan landry
On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: > > This is such a golden opportunity for each of you to find compromised > hosts on your network or your customer's network. The number of > genuine lookups of the blog vs the number of botted machine would > make it almost certain that anyth

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mark Andrews
This is such a golden opportunity for each of you to find compromised hosts on your network or your customer's network. The number of genuine lookups of the blog vs the number of botted machine would make it almost certain that anything directed at the blog is a compromised machine. A phone call

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this. That paper is about reflection attacks. From what I've read, this was not a reflection attack. The IoT devices are infected with botwa

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Alexander Lyamin
This time around it's not about spoofing. I presume this is a development of the same botnet/worm that we saw on day 2 of the Shellshock public disclosure - it was pretty high-tech - golang, arm/mips/x86 support, multiple attack vectors - including (surprisingly) very effective password guessing. It counted

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Brandon Butterworth
> From deles...@gmail.com Sun Sep 25 20:26:56 2016 > Sorry you don't understand how multinational companies and > peering agreements work Right, thanks for letting me know. > nor any of the relationships my past networks would have had with akamai I don't care what yours were in the past, if peer

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread jim deleskie
Brandon, Sorry you don't understand how multinational companies and peering agreements work, nor any of the relationships my past networks would have had with akamai. But be confident in the fact none of your concerns would have been an issue and it certainly wasn't because decisions were made wi

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Brandon Butterworth
> From: jim deleskie > Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and > medium sized networks. What does it cost and what do we make doing it, > over rules what is "good for the internet" every time it came up. "nice network you have there, shame if something were to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Chris Woodfield
> On Sep 24, 2016, at 7:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck you say! :) > > Pe

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Eliot Lear
Has anyone stopped to consider what a gift these hackers gave all of us? They exposed their capabilities and nobody got hurt. We all had a notion as to what sort of attacks were possible in theory. Now we have reality. Business being what it is, customers may not be interested in others' securi

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, jim deleskie wrote: > Sorry but you are mistaken. I've worked at Sr. levels for several LARGE > and medium sized networks. > > mazel tov > > What does it cost and what do we make doing it, over rules what is "good > for the internet" every time it came up. > > 100

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread jim deleskie
Sorry but you are mistaken. I've worked at Sr. levels for several LARGE and medium sized networks. What does it cost and what do we make doing it, over rules what is "good for the internet" every time it came up. On Sun, Sep 25, 2016 at 2:27 PM, Ca By wrote: > On Sunday, September 25, 2016, Joh

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, John Levine wrote: > >> Yeh, bcp38 is not a viable solution. > > Krebs said this DDoS came from insecure IoT devices, of which there > are a kazillion, with the numbers growing every day. Why would they > need to spoof IPs? How would BCP38 help? > > R's, > John >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, John Kristoff wrote: > On Sun, 25 Sep 2016 14:36:18 + > Ca By > wrote: > > > As long as there is one spoof capable network on the net, the problem > will > > not be solved. > > This is not strictly true. If it could be determined where a large > bulk of the spo

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Levine
>> Yeh, bcp38 is not a viable solution. Krebs said this DDoS came from insecure IoT devices, of which there are a kazillion, with the numbers growing every day. Why would they need to spoof IPs? How would BCP38 help? R's, John

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John Kristoff
On Sun, 25 Sep 2016 14:36:18 + Ca By wrote: > As long as there is one spoof capable network on the net, the problem will > not be solved. This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied. This may not have b

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mike Hammett
ww.midwest-ix.com - Original Message - From: "Ca By" To: "Jay R. Ashworth" Cc: "North American Network Operators' Group" Sent: Sunday, September 25, 2016 10:13:24 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, Jay R. Ashworth wrote: > - Original Message - > > From: "Ca By" > > > > On Sunday, September 25, 2016, Jay Farrell via NANOG > > > wrote: > > > >> And of course Brian Krebs has a thing or two to say, not the least is > which > >> to push for BCP38 (good luc

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay R. Ashworth
- Original Message - > From: "Ca By" > On Sunday, September 25, 2016, Jay Farrell via NANOG > wrote: > >> And of course Brian Krebs has a thing or two to say, not the least is which >> to push for BCP38 (good luck with that, right?). >> >> https://krebsonsecurity.com/2016/09/the-democra

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Mike Hammett
"North American Network Operators' Group" Sent: Sunday, September 25, 2016 9:36:18 AM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey On Sunday, September 25, 2016, Jay Farrell via NANOG wrote: > And of course Brian Krebs has a thing

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Ca By
On Sunday, September 25, 2016, Jay Farrell via NANOG wrote: > And of course Brian Krebs has a thing or two to say, not the least is which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ > > Yeh, bcp38 is not a viable s

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay R. Ashworth
- Original Message - > From: "Jay Farrell via NANOG" > And of course Brian Krebs has a thing or two to say, not the least is which > to push for BCP38 (good luck with that, right?). > > https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ Well, given how few contributi

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread Jay Farrell via NANOG
And of course Brian Krebs has a thing or two to say, not the least is which to push for BCP38 (good luck with that, right?). https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ On Sun, Sep 25, 2016 at 12:43 AM, Jay R. Ashworth wrote: > - Original Message - > > From: "

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Jay R. Ashworth
- Original Message - > From: "Jay Farrell via NANOG" > And of course on windows ipconfig /flushdns > > Still I had to wait for my corporate caching servers to update; I think the > TTL on the old A record was an hour. Are big eyeball networks still flooring A record TTLs on resolution?

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Ca By
On Saturday, September 24, 2016, Justin Paine via NANOG wrote: > > DNS Results for query A krebsonsecurity.comAnswer:krebsonsecurity.com 157 > IN A 130.211.45.45 > > On Google now. > > Next question. Will google use the information from the telemetry, rumored to be webcams, to defang the bot ?

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Jay Farrell via NANOG
And of course on windows ipconfig /flushdns Still I had to wait for my corporate caching servers to update; I think the TTL on the old A record was an hour. On Sat, Sep 24, 2016 at 9:51 PM, Jared Mauch wrote: > > > On Sep 24, 2016, at 9:28 PM, Justin Paine via NANOG > wrote: > > > > > > DNS Re

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Jared Mauch
> On Sep 24, 2016, at 9:28 PM, Justin Paine via NANOG wrote: > > > DNS Results for query A krebsonsecurity.comAnswer:krebsonsecurity.com 157 IN > A 130.211.45.45 I recommend running this command (or similar): rndc flushname krebsonsecurity.com if you still see 127.0.0.1 - Jared

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Justin Paine via NANOG
DNS Results for query A krebsonsecurity.comAnswer:krebsonsecurity.com 157 IN A 130.211.45.45 On Google now. Justin Paine Head of Trust & Safety CloudFlare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 711557B6 0114 DE0B 314D On Sat, Sep 24, 2016 at 2:17 PM -0700, "Brett Watson" wro

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Brett Watson
>> > that's not the one I was thinking of, this is: > > > which references your presentation, nice! and is about J-root, not K-root, > but mentions Lorenzo's work on K-root studies... In any case, both seem to > say that 'tcp anyc

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Christopher Morrow
On Sat, Sep 24, 2016 at 2:43 PM, Niels Bakker wrote: > * morrowc.li...@gmail.com (Christopher Morrow) [Sat 24 Sep 2016, 18:55 > CEST]: > >> boy, it'd sure be nice if there were some 'science' and 'measurement' >> behind such statements. >> Didn't k-root do some anycast studies ~8-10 years back? >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Niels Bakker
* morrowc.li...@gmail.com (Christopher Morrow) [Sat 24 Sep 2016, 18:55 CEST]: boy, it'd sure be nice if there were some 'science' and 'measurement' behind such statements. Didn't k-root do some anycast studies ~8-10 years back? Not k-root but CacheFly 2006: https://www.nanog.org/meetings/nano

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Christopher Morrow
On Sat, Sep 24, 2016 at 12:28 PM, Bill Woodcock wrote: > > > On Sep 24, 2016, at 7:47 AM, John Levine wrote: > > > >>> Well...by anycast, I meant BGP anycast, spreading the "target" > >>> geographically to a dozen or more well connected/peered origins. At > that > >>> point, your ~600G DDoS mig

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread Bill Woodcock
> On Sep 24, 2016, at 7:47 AM, John Levine wrote: > >>> Well...by anycast, I meant BGP anycast, spreading the "target" >>> geographically to a dozen or more well connected/peered origins. At that >>> point, your ~600G DDoS might only be around >> >> anycast and tcp? the heck you say! :) > > P

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-24 Thread John Levine
>> Well...by anycast, I meant BGP anycast, spreading the "target" >> geographically to a dozen or more well connected/peered origins. At that >> point, your ~600G DDoS might only be around > >anycast and tcp? the heck you say! :) People who've tried it say it works fine. Routes don't flap that o

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-23 Thread Christopher Morrow
On Fri, Sep 23, 2016 at 10:13 PM, Jon Lewis wrote: > On Fri, 23 Sep 2016, Christopher Morrow wrote: > > On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: >> >> On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: >>> >>> Is CloudFlare able to filter Layer 7 these days? I was under the >>> impress
