[AusNOG] NBN must avoid becoming 'failed state'

Dmitri Kalintsev dek735 at gmail.com
Sun Sep 19 11:09:14 EST 2010


[devil's advocate hat on]

Assuming a 25 Mbit/s upstream, an NBN end-user will be out of their 1TB
quota in less than 10 hours.

We should also not forget that in NBN world RSPs will still have a CPE under
their full control on end-user premises, which they could use to implement
said "tactical measures" without NBN Co's help.

[devil's advocate hat off]

BTW, just today came across an excellent analysis of what probably is the
largest known botnet to date (16M+ hosts). Country breakdown:

http://www.nobunkum.ru/issue003/tdss-botnet/stat_countries.png

(Article itself - http://www.nobunkum.ru/issue003/tdss-botnet/ - sorry, it's
in Russian, but they say that the English version is coming soon).

Just my 2c.

-- D

On Sat, Sep 18, 2010 at 9:22 PM, Andrew Fort <afort at choqolat.org> wrote:

> On Sat, Sep 18, 2010 at 9:09 PM, David Hughes <david at hughes.com.au> wrote:
> >>
> >> Didn't really happen. Speaking holistically, it's hard to argue that the
> >> state of the security art is any worse now than it's ever been.
> >
> > Can't say I can agree with that Mark. I reckon it did happen. In the
> > days of dial-up, the outbound capability of the average compromised machine
> > was so limited that the target of a DoS attack was pretty much restricted to
> > other dial-up clients. V.90 only gave you 33k outbound so you'd need a
> > metric shedload of compromised machines to do any significant damage to a
> > well connected content source.
> >
> > With the advent of ADSL, the dramatically increased outbound capacity
> > means that a botnet can now have a pretty good crack at a tier-1 web
> > property or the root nameservers. Take that to an NBN environment and you
> > have gone from a 20:1 outbound ratio at 20 Mbps to a 2.5:1 ratio at 100 Mbps.
> > I'd suggest that even a single NBN attached machine could do significant
> > damage to an "average" web site.
> >
>
> And now that you can "kill anyone" with fewer bots, you just increased
> the value of the botherders' assets. E.g., if I only need 5000
> machines instead of 50k for a "single unit of pwn", I have 90% of my
> infrastructure idle for making me more money. I'm assuming the market
> has sufficient demand for additional DDoS, but the point is any
> additional packet-per-second makes the herders more money. As we
> know, ethernet networks are generally very effective at delivering
> line-rate. So expect DDoS to put heavy pressure on the G[x]PON OLTs.
>
> > So I stand by my autobahn analogy. The problem has always existed. But
> > at higher speeds it's just more dramatic (or a dramatic outcome is much easier
> > to achieve).
>
> I think you're 100% right - the botherders will follow the money, and
> they'll come to the NBN like they have to other hyper connected
> societies, because it makes them more money to do so.  I read that as
> Roland's message.
>
> I'd like to see the NBNco talk about rate-limiting and other tactical
> measures (such as temporary ACLs, pushback-like approaches and so on),
> that can be triggered by RSPs via the API, as a way of rapidly
> reducing the economic value of the end hosts attached to the NBN for
> bot herders.  That'd be something they could be really proud of, I
> reckon.
>
> -a
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
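Added example, not from the AusNOG thread or any of its posters: a sketch of the kind of RSP-side check that could trigger the "tactical measures" discussed above, flagging a subscriber whose outbound traffic sits near its upstream line rate for a sustained period (the single saturated NBN host David and Andrew describe) while ignoring short bursts. The 40 Mbit/s upstream figure (the 100/40 tier implied by the 2.5:1 ratio), the thresholds, the record layout and the flow counters are all assumptions constructed for illustration.

```python
from collections import defaultdict

UPSTREAM_BPS = 40_000_000   # assumed subscriber upstream line rate (100/40 tier)
UTIL_THRESHOLD = 0.8        # fraction of line rate treated as "saturated"
SUSTAINED_SECONDS = 300     # saturation must persist this long before acting
BUCKET = 60                 # each constructed record covers a 60-second interval


def saturated_subscribers(records):
    """records: iterable of (subscriber_id, bucket_start_epoch, bytes_out).
    Returns {subscriber_id: epoch at which sustained saturation began}.
    Short bursts, and runs broken by a missing bucket, are not reported."""
    per_sub = defaultdict(list)
    for sub, ts, bytes_out in records:
        per_sub[sub].append((ts, bytes_out * 8 / BUCKET))  # bytes/bucket -> bit/s
    limit = UPSTREAM_BPS * UTIL_THRESHOLD
    flagged = {}
    for sub, samples in per_sub.items():
        samples.sort()
        run_start, prev_ts = None, None
        for ts, bps in samples:
            if bps < limit or (prev_ts is not None and ts != prev_ts + BUCKET):
                run_start = None            # idle bucket or a gap resets the run
            if bps >= limit and run_start is None:
                run_start = ts
            if run_start is not None and ts + BUCKET - run_start >= SUSTAINED_SECONDS:
                flagged[sub] = run_start    # enough contiguous saturated buckets
                break
            prev_ts = ts
    return flagged


def constructed_records():
    """Constructed 60-second outbound byte counters for three subscribers (not real data)."""
    sat = 36_000_000 // 8 * BUCKET   # 36 Mbit/s held for the whole bucket
    idle = 2_000_000 // 8 * BUCKET   # 2 Mbit/s of ordinary background traffic
    recs = []
    for i in range(6):
        t = 1_284_800_000 + i * BUCKET
        recs.append(("sub-a", t, sat))                                 # saturated for 6 minutes
        recs.append(("sub-b", t, sat if i in (0, 1, 3, 4) else idle))  # two short bursts only
        recs.append(("sub-c", t, idle))                                # normal user
    return recs


if __name__ == "__main__":
    for sub, since in saturated_subscribers(constructed_records()).items():
        print(f"{sub}: sustained upstream saturation since epoch {since}, candidate for rate-limit")
```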