And I contend that the device manufacturer is only one part in this. Yes, the manufacturers need to get better at securing their devices (that's never been in question). *But* the end users need to have better CPE that can do NetFlow/sFlow/etc. in a near-real-time fashion. This would allow the end user to act as a check against the manufacturer(s) and see threats and DDoS packets originating from their gear in real time (and on the customer's CPE they can get the MAC or RFC1918 address to narrow it down better). *But* that doesn't let the SPs off the hook either. The SP needs to be a check against the end users as well, being able to do real-time (or near-real-time) flow data export/analysis.

Why isn't it done currently? Well, probably a few reasons (and more that I can't even imagine):

1) Cost - It's a real cost to put something like this in place, and upper management does not want to spend money on something with little to no return.

2) Availability - How much SP gear even has the option to do any sort of flow export/analysis?

3) Competition - If I am SP 'A' and I allow my customers to participate in a DDoS against SP 'B' (who is a competitor of mine), that at least indirectly harms my competitor, and all I have to do is absolutely nothing, so why would management in SP 'A' lift a finger to fix the problem? (Until the DDoS is directed at them.)

Fixing the current wave of 'IoT' devices and phones and TVs etc. is only putting a band-aid on a broken arm. It gives the illusion of progress, but the fact is the reason DDoSes are still a problem (and honestly, they've been a problem for decades: IRC servers and netsplits/channel takeovers/etc.) is that each layer in the problem is pointing the finger at the other layers, declaring them the cause of the problem and washing their hands of it (not unlike current politics).

Until we accept that it's *everyone's* problem and work to fix the things under our control and work as an advocate for the other layers, we will continue to suffer attacks.

Ken
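As an added illustration of the CPE-side check Ken describes (this is example code written for this page, not something from the original thread or from any vendor), the script below takes NetFlow/sFlow-style flow records as a CPE might export them for one interval, keeps only flows sourced from RFC1918 addresses, and flags internal hosts that are pushing a high packet rate of small packets at a single destination, which is the signature of a volumetric flood rather than normal traffic. The record format (a simple CSV), the sample flows, the MAC table and the thresholds are all constructed assumptions; a real exporter (nfdump, sflowtool, a router's own flow cache) would produce different field layouts but the same aggregation applies.

```python
"""Added example: spot outbound DDoS participation in CPE flow records.

Assumptions (not from the original post): flows arrive as CSV lines
src,dst,dport,proto,packets,bytes,duration_s, all from the same export
interval; the CPE's ARP/DHCP table gives an IP -> MAC mapping.
"""
import ipaddress
from collections import defaultdict

# The three RFC1918 ranges, spelled out rather than relying on
# ipaddress.is_private, which also matches loopback, link-local, etc.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows for one 60 s export interval (not real capture data).
# Two hosts hammer 203.0.113.10 with tiny packets; two others look normal.
SAMPLE_FLOWS = """\
192.168.1.23,203.0.113.10,80,6,480000,19200000,60
192.168.1.23,203.0.113.10,443,6,510000,20400000,60
192.168.1.40,198.51.100.7,53,17,120,9600,60
192.168.1.55,203.0.113.10,80,6,90000,3600000,60
192.168.1.12,93.184.216.34,443,6,2100,1800000,60
"""

# Constructed IP -> MAC table as the CPE would learn it from ARP/DHCP.
MAC_TABLE = {
    "192.168.1.23": "00:11:22:33:44:55",
    "192.168.1.40": "00:11:22:33:44:66",
    "192.168.1.55": "00:11:22:33:44:77",
    "192.168.1.12": "00:11:22:33:44:88",
}


def is_rfc1918(ip):
    """True if ip falls inside 10/8, 172.16/12 or 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_flows(text):
    """Turn the CSV export into a list of flow dicts with numeric fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto, pkts, byts, dur = line.split(",")
        flows.append({"src": src, "dst": dst, "dport": int(dport),
                      "proto": int(proto), "packets": int(pkts),
                      "bytes": int(byts), "duration": float(dur)})
    return flows


def find_suspects(flows, mac_table, pps_threshold=1000, max_avg_bytes=100):
    """Aggregate internal-source flows per (src, dst) and flag floods.

    A pair is a suspect when its packet rate is at or above pps_threshold
    and the average packet is at most max_avg_bytes (floods are mostly
    SYNs, small UDP payloads or fragments). Returns suspects sorted by
    packet rate, each carrying the MAC so the offending device can be
    found on the LAN.
    """
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "duration": 0.0})
    for f in flows:
        if not is_rfc1918(f["src"]):
            continue  # only traffic originating inside the customer's network
        a = agg[(f["src"], f["dst"])]
        a["packets"] += f["packets"]
        a["bytes"] += f["bytes"]
        # Flows from one export interval overlap in time, so the interval
        # length is the longest duration seen, not the sum.
        a["duration"] = max(a["duration"], f["duration"])

    suspects = []
    for (src, dst), a in agg.items():
        pps = a["packets"] / a["duration"] if a["duration"] > 0 else float("inf")
        avg_bytes = a["bytes"] / a["packets"] if a["packets"] else 0.0
        if pps >= pps_threshold and avg_bytes <= max_avg_bytes:
            suspects.append({"src": src, "mac": mac_table.get(src, "unknown"),
                             "dst": dst, "pps": pps, "avg_bytes": avg_bytes})
    return sorted(suspects, key=lambda s: -s["pps"])


if __name__ == "__main__":
    for s in find_suspects(parse_flows(SAMPLE_FLOWS), MAC_TABLE):
        print(f"{s['src']} ({s['mac']}) -> {s['dst']}: "
              f"{s['pps']:.0f} pps, {s['avg_bytes']:.0f} B/pkt")
```

Run as-is it reports the two 192.168.1.x hosts flooding 203.0.113.10 and leaves the DNS and HTTPS sessions alone. The same aggregation works on the SP side against customer-facing interfaces; there the source is a customer prefix rather than an RFC1918 host, and the MAC lookup is replaced by the subscriber record, but the "many small packets at one destination" test is unchanged.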
I say again, the only way to solve these problems is if the devices are fundamentally secure by design, on the day they first ship to customers. Post-sale patching is an ad hoc and haphazard catch-as-catch-can solution at best, and it's not something that most manufacturers have -any- financial incentive to even do. They already got their money on the day the consumer bought the device. The rest is just an afterthought.
Regards, rfg