Insecure IOT devices are a *big* problem, especially, like you said, when Tom and Harry have supar-fiber-fast connectivity to the intarnets.
On Fri, Oct 21, 2016 at 1:01 PM, Ken Hohhof <af...@kwisp.com> wrote:

> If a WISP customer is being used as part of a DDoS attack, chances are the volume of upstream traffic will make their own Internet unusable and they will end up calling in.
>
> It’s probably more important to make sure that infrastructure like routers and DNS servers are not misconfigured to act as DNS or NTP amplifiers. Mikrotik routers by default are DNS amplifiers if you turn on Allow Remote Requests and don’t create a firewall rule to block DNS requests from outside your network, so that’s something to watch for.
>
> What I worry about are the Internet Things like webcams that have been hacked and recruited into a botnet, and are sitting on a residential symmetric gigabit fiber connection. Most WISP customers have a lot less firepower. I really think FISPs are going to need some mechanisms to protect the rest of the Internet if they are going to give every Tom, Dick and Harry a gig upstream. Oh wait, Mike said to stop being a Dick, so make that Tom and Harry.
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of* Paul Stewart
> *Sent:* Friday, October 21, 2016 11:47 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>
> I liked Scrutinizer when we tested in my former job … we ran into serious scaling issues with it that they said weren’t possible - too long ago to recall details around that problem. But visually and detail-wise it was pretty nice….
>
> Arbor is the best solution in my opinion if it’s in budget - and it’s not remotely cheap (6 figures to get started)
>
> On Oct 21, 2016, at 12:41 PM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:
>
> Shadowserver is going down for a week, isn't it, to move their data center, expect the exploits to be strong
>
> I just ran that CAIDA app the other day, our office firewall got pretty mad
>
> Sign up at Shadowserver, Sean
>
> I'm demoing Scrutinizer right now, but waiting on the actual quote. I think it will end up too cost prohibitive, but man does it have some nice monitoring and alerting
>
> Expect to see a whole lot more nastiness as the election gets closer, a lot of dogs are going to be wagged before it's over
>
> On Fri, Oct 21, 2016 at 11:26 AM, Sean Heskett <af...@zirkel.us> wrote:
>
> I think instead of naming and shaming you'd get more traction if you informed and taught them how to prevent and stop this traffic.
>
> Many WISPs don't have the technical know-how (or time) to even realize it's happening. They are just trying to get customers connected.
>
> I know my network isn't perfect and I'd gladly submit a list of subnets I control to a group that would be willing to tell me what's wrong and how I can fix it so I'm not part of the problem.
>
> 2 cents
>
> -Sean
>
> On Friday, October 21, 2016, Mike Hammett <af...@ics-il.net> wrote:
>
> There's another large DDoS going on now. Go to this page to see if you can be used for UDP amplification (or other spoofing) attacks:
>
> https://www.caida.org/projects/spoofer/
>
> Go to these pages for more longer-term bad behavior monitoring:
>
> https://www.shadowserver.org/wiki/
> https://radar.qrator.net/
>
> Maybe we need to start a database of ASNs WISPs are using and start naming and shaming them when they have bad actors on their network. This is serious, people. Take it seriously.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>
> --
> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
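
Added example, not part of the original thread: a small self-audit for the misconfiguration Ken describes, where a router answers recursive DNS queries arriving from outside the network. It assumes you run `probe()` from a host outside your network against addresses you operate; the function names, result labels and sample replies are constructed for illustration.

```python
import socket
import struct

TXID = 0x1234  # arbitrary query ID, echoed back by the server

def build_query(name="example.com"):
    """DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(data):
    """Interpret the 12-byte DNS header of a reply to build_query()."""
    if len(data) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != TXID or not (flags & 0x8000):      # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                               # REFUSED: recursion denied to us
        return "refused"
    if (flags & 0x0080) and rcode == 0:          # RA set and NOERROR
        return "open-resolver"
    return "no-recursion"

def probe(ip, timeout=2.0):
    """Query an address you operate, from a host OUTSIDE your network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                          # timeout or ICMP unreachable
            return "filtered"
    return classify_response(data)

# Constructed reply headers (not captured traffic), so this runs offline.
SAMPLES = {
    "recursion offered": struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0),
    "refused":           struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0),
    "recursion off":     struct.pack("!HHHHHH", TXID, 0x8100, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", classify_response(reply))
```

For a customer-facing router, `filtered` or `refused` is the result you want from outside; `open-resolver` means the DNS port is reachable and recursion is being offered to the Internet.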