<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.m8981336766756662619hoenzb
{mso-style-name:m_8981336766756662619hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">3). Business model's will likely need to change or volumes will need to be better supported; there are various ways to solve this from routing most services through ddos protection or perhaps just outstripping ddos volumes by having so
much surplus capacity it isn't a concern (whilst this may not often be feasible or economical) it seems that is the way things are moving. Buy Scale, Build Scale, or eat the ddos.<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Yum…. Yum… Yum Packets for Dinner anyone ??<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">With the price of international IP transit from major carriers around the world below $0.40 cents per mbit the cost of bandwidth has
dropped a lot….The only costly part to the equation is brining unwanted dirty traffic back to Australia.. (but why do that) much easier to clean unwanted traffic as close to the source as possible if you have the technology.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">On a side note….What I do find interesting is I saw no abnormal traffic on large global peering exchange graphs during this attack…..
ie <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><a href="https://ams-ix.net/technical/statistics">https://ams-ix.net/technical/statistics</a> and
<a href="https://www.de-cix.net/en/locations/germany/frankfurt/statistics">https://www.de-cix.net/en/locations/germany/frankfurt/statistics</a>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">So where did the traffic come from……<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US">Kindest Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Verdana",sans-serif;color:black">James Braunegg<br>
</span></b><b><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">P:</span></b><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black"> 1300 769 972 |
<b>M:</b> 0488 997 207 | <b>D:</b> (03) 9751 7616<o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">E:</span></b><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"><a href="mailto:james.braunegg@micron21.com"><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">james.braunegg@micron21.com</span></a></span><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">
| <b>ABN:</b> 12 109 977 666 <br>
<b>W:</b> <a href="http://www.micron21.com/ddos-protection"><span style="color:black">www.micron21.com/ddos-protection</span></a>
<b>T:</b> @micron21<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">Follow us on
</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"><a href="http://www.twitter.com/micron21"><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">Twitter</span></a></span><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">
</span><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">for important service and system updates.<br>
<br>
</span><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black"><img border="0" width="250" height="39" id="Picture_x0020_1" src="cid:image001.jpg@01D23093.A6EC3770" alt="M21.jpg"></span><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black"><br>
</span><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:black">This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not
use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> AusNOG [mailto:ausnog-bounces@lists.ausnog.net]
<b>On Behalf Of </b>Phillip Grasso<br>
<b>Sent:</b> Thursday, 27 October 2016 6:58 PM<br>
<b>To:</b> Peter Tiggerdine <ptiggerdine@gmail.com><br>
<b>Cc:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> Re: [AusNOG] The shape of DDoS to come<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I am guessing (e.g. no real analysis done here) if we 'normalize' the size of this attack, it probably isn't too dissimilar to previous DDoS volume to backbone sizes. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We'll probably need a multilateral approach to solving or at least mitigating the severity of the attacks; <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">1) Sure would be nice if IoT or whatever they want to call themselves devices were secured and regularly patched etc, but that's an uphill battle in itself. There should be an effort to put some form of minimum certification and open set
of libraries the manufactories could get to patch / push updates if not already existing. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">2). Network need to get more intelligent and coordinated. Detection and a trusted method to share attack vectors so that response could happen faster and improve detection. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">3). Business model's will likely need to change or volumes will need to be better supported; there are various ways to solve this from routing most services through ddos protection or perhaps just outstripping ddos volumes by having so
much surplus capacity it isn't a concern (whilst this may not often be feasible or economical) it seems that is the way things are moving. Buy Scale, Build Scale, or eat the ddos.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 27 October 2016 at 12:15, Peter Tiggerdine <<a href="mailto:ptiggerdine@gmail.com" target="_blank">ptiggerdine@gmail.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">Reading both articles seems to give a lot of "creative license" to the term IoT. This is the problem with journo's today, facts from credible and verifiable sources seems to be not a requirement anymore. At least Ars mentioned it in the
article, but it begs the question why print it? <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">DVR and IP cameras aren't IoT. We've had both of those long before the term IoT existed. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Unpatched home routers are likely to make up the bulk of the traffic <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Peter Tiggerdine<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">On Thu, Oct 27, 2016 at 10:45 AM, Nick Stallman <<a href="mailto:nick@agentpoint.com" target="_blank">nick@agentpoint.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Yes there is.<br>
There are a few keywords to focus on however.<br>
<br>
Like 'part'. Technically if just a single IoT device was part of the attack then the media will say it was a IoT attack.<br>
<br>
And 'device'. If you start calling security DVR's IoT devices (arguably they aren't, they are a server) then yep a few thousand of them took part.<br>
<br>
I could be wrong but my impression was the bulk was traditional DDoS and not mostly IoT.<br>
<br>
On 27/10/16 11:17, Peter Tiggerdine wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Is there any evidence to suggest that IoT devices played a part on this DDoS? My understanding is we're still dealing with the same problem as ever; unpatched/secured desktops/routers/switches which when you consider how accessible large
amounts of bandwidth is explain the increase in DDoS size.<br>
<br>
Most IoT devices don't enough CPU power to contribute more than 1K sustained. Doesn't mean there's not alot to be done in the security space with IoT, just means there's better targets with greater return.<br>
<br>
Regards,<br>
<br>
Peter Tiggerdine<br>
<br>
GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127<br>
<br>
On Thu, Oct 27, 2016 at 9:54 AM, <a href="mailto:mike@thebibers.com" target="_blank">
mike@thebibers.com</a> <mailto:<a href="mailto:mike@thebibers.com" target="_blank">mike@thebibers.com</a>> <<a href="mailto:mbiber@ipv6forum.com.au" target="_blank">mbiber@ipv6forum.com.au</a> <mailto:<a href="mailto:mbiber@ipv6forum.com.au" target="_blank">mbiber@ipv6forum.com.au</a>>>
wrote:<br>
<br>
IPv6 with mandatory IPsec Authentication through filtering engines?<br>
<br>
Michael Biber<br>
IPv6Now<br>
<a href="http://6now.net" target="_blank">6now.net</a> <<a href="http://6now.net" target="_blank">http://6now.net</a>><br>
<a href="tel:0412058808" target="_blank">0412058808</a> <tel:<a href="tel:0412058808" target="_blank">0412058808</a>><br>
<br>
<br>
On 27 Oct 2016 10:03 AM, "Paul Wilkins" <<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a><br>
<mailto:<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>>> wrote:<br>
<br>
After Mirai's 1.2Tbps, which is pretty much unmitigateable,<br>
perhaps time for the industry to realise that IoT means we've<br>
arrived at a new age of DDoS. If this is the shape of things<br>
to come, where do we go from here?<br>
<br>
Kind regards<br>
<br>
Paul Wilkins<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">
http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>><br>
<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="color:#888888"><br>
<span class="m8981336766756662619hoenzb">-- </span><br>
<span class="m8981336766756662619hoenzb">Nick Stallman</span><br>
<span class="m8981336766756662619hoenzb">Technical Director</span><br>
<span class="m8981336766756662619hoenzb">Agentpoint Pty Ltd</span><br>
<span class="m8981336766756662619hoenzb">The Real Estate Web Developers</span><br>
<span class="m8981336766756662619hoenzb">Melbourne | Sydney | Miami</span><br>
<span class="m8981336766756662619hoenzb"><a href="mailto:nick@agentpoint.com" target="_blank">nick@agentpoint.com</a></span><br>
<span class="m8981336766756662619hoenzb"><a href="http://www.agentpoint.com.au" target="_blank">www.agentpoint.com.au</a> |
<a href="http://www.zooproperty.com" target="_blank">www.zooproperty.com</a> | <a href="http://www.ginga.com.au" target="_blank">
www.ginga.com.au</a> | <a href="http://www.business2.com.au" target="_blank">www.business2.com.au</a></span><br>
<br>
<span class="m8981336766756662619hoenzb"><a href="http://Business2.com.au" target="_blank">Business2.com.au</a> is a real estate agent information website that helps you understand Portals, Technology and comes with FREE tools to help your Agency become an
online success!</span></span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>