[devil's advocate hat on]<br><br>Assuming a 25 Mbit/s upstream, an NBN end-user will be out of their 1TB quota in less than 10 hours.<br><br>We should also not forget that in NBN world RSPs will still have a CPE under their full control on end-user premises, which they could use to implement said "tactical measures" without NBN Co's help.<br>
<br>[devil's advocate hat off]<br><br>BTW, just today came across an excellent analysis of what probably is
the largest known botnet to date (16M+ hosts). Country breakdown:<br>
<br>
<a href="http://www.nobunkum.ru/issue003/tdss-botnet/stat_countries.png">http://www.nobunkum.ru/issue003/tdss-botnet/stat_countries.png</a><br>
<br>
(Article itself - <a href="http://www.nobunkum.ru/issue003/tdss-botnet/">http://www.nobunkum.ru/issue003/tdss-botnet/</a> - sorry,
it's in Russian, but they say that the English version is coming soon).<br><br>Just my 2c.<br><br>-- D<br><br><div class="gmail_quote">On Sat, Sep 18, 2010 at 9:22 PM, Andrew Fort <span dir="ltr"><<a href="mailto:afort@choqolat.org">afort@choqolat.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">On Sat, Sep 18, 2010 at 9:09 PM, David Hughes <<a href="mailto:david@hughes.com.au">david@hughes.com.au</a>> wrote:<br>
>><br>
>> Didn't really happen. Speaking holistically, it's hard to argue that the<br>
>> state of the security art is any worse now than it's ever been.<br>
><br>
> Can't say I can agree with that Mark. I reckon it did happen. In the days of Dial-up, the outbound capability of the average compromised machines was so limited that the target of a DoS attack was pretty much restricted to other dial-up clients. V.90 only gave you 33k outbound so you'd need a metric shedload of compromised machines to do any significant damage to a well connected content source.<br>
><br>
> With the advent of ADSL, the dramatically increased outbound capacity means that a botnet can now have a pretty good crack at a tier-1 web property or the root nameservers. Take that to an NBN environment and you have gone for a 20:1 outbound ratio at 20mbps to a 2.5:1 ratio at 100mbps. I'd suggest that even a single NBN attached machine could do significant damage to an "average" web site.<br>
><br>
<br>
</div>And now that you can "kill anyone" with fewer bots, you just increased<br>
the value of the botherders assets. e.g., If I only need 5000<br>
machines instead of 50k for a "single unit of pwn", I have 90% of my<br>
infrastructure idle for making me more money. I'm assuming the market<br>
has sufficient demand for additional DDoS, but the point is any<br>
additional packet-per-second makes the herders more money. As we<br>
know, ethernet networks are generally very effective at delivering<br>
line-rate. So expect DDoS to put heavy pressure on the G[x]PON OLTs.<br>
<div class="im"><br>
> So I stand by my autobahn analogy. The problem has always existed. But at higher speeds it just more dramatic (or a dramatic outcome is much easier to achieve).<br>
<br>
</div>I think you're 100% right - the botherders will follow the money, and<br>
they'll come to the NBN like they have to other hyper connected<br>
societies, because it makes them more money to do so. I read that as<br>
Roland's message.<br>
<br>
I'd like to see the NBNco talk about rate-limiting and other tactical<br>
measures (such as temporary ACLs, pushback-like approaches and so on),<br>
that can be triggered by RSPs via the API, as a way of rapidly<br>
reducing the economic value of the end hosts attached to the NBN for<br>
bot herders. That'd be something they could be really proud of, I<br>
reckon.<br>
<font color="#888888"><br>
-a<br>
</font><div><div></div><div class="h5">_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br>