[AusNOG] The shape of DDoS to come

Phillip Grasso phillip.grasso at gmail.com
Thu Oct 27 18:58:03 EST 2016 

I am guessing (e.g. no real analysis done here) if we 'normalize' the size
of this attack, it probably isn't too dissimilar to previous DDoS volume to
backbone sizes.

We'll probably need a multilateral approach to solving or at least
mitigating the severity of the attacks;

1) Sure would be nice if IoT or whatever they want to call themselves
devices were secured and regularly patched etc, but that's an uphill battle
in itself. There should be an effort to put some form of minimum
certification and open set of libraries the manufactories could get to
patch / push updates if not already existing.

2). Network need to get more intelligent and coordinated. Detection and a
trusted method to share attack vectors so that response could happen faster
and improve detection.

3). Business model's will likely need to change or volumes will need to be
better supported; there are various ways to solve this from routing most
services through ddos protection or perhaps just outstripping ddos volumes
by having so much surplus capacity it isn't a concern (whilst this may not
often be feasible or economical) it seems that is the way things are
moving. Buy Scale, Build Scale, or eat the ddos.


On 27 October 2016 at 12:15, Peter Tiggerdine <ptiggerdine at gmail.com> wrote:

> Reading both articles seems to give a lot of "creative license" to the
> term IoT. This is the problem with journo's today, facts from credible and
> verifiable sources seems to be not a requirement anymore. At least Ars
> mentioned it in the article, but it begs the question why print it?
>
> DVR and IP cameras aren't IoT. We've had both of those long before the
> term IoT existed.
>
> Unpatched home routers are likely to make up the bulk of the traffic
>
> Regards,
>
> Peter Tiggerdine
>
> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>
> On Thu, Oct 27, 2016 at 10:45 AM, Nick Stallman <nick at agentpoint.com>
> wrote:
>
>> Yes there is.
>> There are a few keywords to focus on however.
>>
>> Like 'part'. Technically if just a single IoT device was part of the
>> attack then the media will say it was a IoT attack.
>>
>> And 'device'. If you start calling security DVR's IoT devices (arguably
>> they aren't, they are a server) then yep a few thousand of them took part.
>>
>> I could be wrong but my impression was the bulk was traditional DDoS and
>> not mostly IoT.
>>
>> On 27/10/16 11:17, Peter Tiggerdine wrote:
>>
>>> Is there any evidence to suggest that IoT devices played a part on this
>>> DDoS? My understanding is we're still dealing with the same problem as
>>> ever; unpatched/secured desktops/routers/switches which when you consider
>>> how accessible large amounts of bandwidth is explain the increase in DDoS
>>> size.
>>>
>>> Most IoT devices don't enough CPU power to contribute more than 1K
>>> sustained. Doesn't mean there's not alot to be done in the security space
>>> with IoT, just means there's better targets with greater return.
>>>
>>> Regards,
>>>
>>> Peter Tiggerdine
>>>
>>> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>>>
>>> On Thu, Oct 27, 2016 at 9:54 AM, mike at thebibers.com <mailto:
>>> mike at thebibers.com> <mbiber at ipv6forum.com.au <mailto:
>>> mbiber at ipv6forum.com.au>> wrote:
>>>
>>>     IPv6 with mandatory IPsec Authentication through filtering engines?
>>>
>>>     Michael Biber
>>>     IPv6Now
>>>     6now.net <http://6now.net>
>>>     0412058808 <tel:0412058808>
>>>
>>>
>>>     On 27 Oct 2016 10:03 AM, "Paul Wilkins" <paulwilkins369 at gmail.com
>>>     <mailto:paulwilkins369 at gmail.com>> wrote:
>>>
>>>         After Mirai's 1.2Tbps, which is pretty much unmitigateable,
>>>         perhaps time for the industry to realise that IoT means we've
>>>         arrived at a new age of DDoS. If this is the shape of things
>>>         to come, where do we go from here?
>>>
>>>         Kind regards
>>>
>>>         Paul Wilkins
>>>
>>>         _______________________________________________
>>>         AusNOG mailing list
>>>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>         http://lists.ausnog.net/mailman/listinfo/ausnog
>>>         <http://lists.ausnog.net/mailman/listinfo/ausnog>
>>>
>>>
>>>     _______________________________________________
>>>     AusNOG mailing list
>>>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>     http://lists.ausnog.net/mailman/listinfo/ausnog
>>>     <http://lists.ausnog.net/mailman/listinfo/ausnog>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
>> --
>> Nick Stallman
>> Technical Director
>> Agentpoint Pty Ltd
>> The Real Estate Web Developers
>> Melbourne | Sydney | Miami
>> nick at agentpoint.com
>> www.agentpoint.com.au | www.zooproperty.com | www.ginga.com.au |
>> www.business2.com.au
>>
>> Business2.com.au is a real estate agent information website that helps
>> you understand Portals, Technology and comes with FREE tools to help your
>> Agency become an online success!
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161027/a2b32c83/attachment.html>

More information about the AusNOG mailing list