[AusNOG] The shape of DDoS to come

James Morgan jmorgan.au at gmail.com
Thu Oct 27 14:18:18 EST 2016


Without wanting to put the tinfoil hat on too tight, is there not perhaps
some sort of consideration that many of these same companies make a
lucrative living in selling us security related hardware and services?


>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Jim
> Woodward
> *Sent:* Thursday, 27 October 2016 12:53 PM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] The shape of DDoS to come
>
>
>
>
>
> Given the CPU power of modern routers the issue is that they now have
> resources well in excess of any WAN link to fill said link with traffic and
> not even break a sweat, security is definitely an area that needs to be
> consider closely.
>
> I am a believer that subscription services from vendors should exist (e.g.
> Cisco) but major security updates should be free for the lifetime of the
> device, Having worked in the industry for a long time I can attest to the
> fact that having a support contract doesn't mean devices are kept to a
> regular update schedule, in fact I have replaced failed units under
> contract in the field that are covered by a SMARTNET and been told to
> install an IOS many years old because that's what the original device had,
> not something I would do if it was a device within my control.
>
> I think an open model for security patches does need to be considered for
> the greater good.
>
> Kind Regards,
>
> Jim.
>
>
>
>
>
> On 27/10/2016 12:15 PM, Peter Tiggerdine wrote:
>
> Reading both articles seems to give a lot of "creative license" to the
> term IoT. This is the problem with journo's today, facts from credible and
> verifiable sources seems to be not a requirement anymore. At least Ars
> mentioned it in the article, but it begs the question why print it?
>
>
>
> DVR and IP cameras aren't IoT. We've had both of those long before the
> term IoT existed.
>
>
>
> Unpatched home routers are likely to make up the bulk of the traffic
>
>
> Regards,
>
>
>
> Peter Tiggerdine
>
>
>
> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>
>
>
> On Thu, Oct 27, 2016 at 10:45 AM, Nick Stallman <nick at agentpoint.com>
> wrote:
>
> Yes there is.
> There are a few keywords to focus on however.
>
> Like 'part'. Technically if just a single IoT device was part of the
> attack then the media will say it was a IoT attack.
>
> And 'device'. If you start calling security DVR's IoT devices (arguably
> they aren't, they are a server) then yep a few thousand of them took part.
>
> I could be wrong but my impression was the bulk was traditional DDoS and
> not mostly IoT.
>
> On 27/10/16 11:17, Peter Tiggerdine wrote:
>
> Is there any evidence to suggest that IoT devices played a part on this
> DDoS? My understanding is we're still dealing with the same problem as
> ever; unpatched/secured desktops/routers/switches which when you consider
> how accessible large amounts of bandwidth is explain the increase in DDoS
> size.
>
> Most IoT devices don't enough CPU power to contribute more than 1K
> sustained. Doesn't mean there's not alot to be done in the security space
> with IoT, just means there's better targets with greater return.
>
> Regards,
>
> Peter Tiggerdine
>
> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>
> On Thu, Oct 27, 2016 at 9:54 AM, mike at thebibers.com <mailto:
> mike at thebibers.com> <mbiber at ipv6forum.com.au <mailto:mbiber at ipv6forum.com.
> au>> wrote:
>
>     IPv6 with mandatory IPsec Authentication through filtering engines?
>
>     Michael Biber
>     IPv6Now
>     6now.net <http://6now.net>
>     0412058808 <tel:0412058808>
>
>
>     On 27 Oct 2016 10:03 AM, "Paul Wilkins" <paulwilkins369 at gmail.com
>     <mailto:paulwilkins369 at gmail.com>> wrote:
>
>         After Mirai's 1.2Tbps, which is pretty much unmitigateable,
>         perhaps time for the industry to realise that IoT means we've
>         arrived at a new age of DDoS. If this is the shape of things
>         to come, where do we go from here?
>
>         Kind regards
>
>         Paul Wilkins
>
>         _______________________________________________
>         AusNOG mailing list
>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>         http://lists.ausnog.net/mailman/listinfo/ausnog
>         <http://lists.ausnog.net/mailman/listinfo/ausnog>
>
>
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     http://lists.ausnog.net/mailman/listinfo/ausnog
>     <http://lists.ausnog.net/mailman/listinfo/ausnog>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> --
> Nick Stallman
> Technical Director
> Agentpoint Pty Ltd
> The Real Estate Web Developers
> Melbourne | Sydney | Miami
> nick at agentpoint.com
> www.agentpoint.com.au | www.zooproperty.com | www.ginga.com.au |
> www.business2.com.au
>
> Business2.com.au is a real estate agent information website that helps
> you understand Portals, Technology and comes with FREE tools to help your
> Agency become an online success!
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
>
>
> _______________________________________________
>
> AusNOG mailing list
>
> AusNOG at lists.ausnog.net
>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161027/07c1215f/attachment.html>


More information about the AusNOG mailing list