You must not support end users. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Mark Andrews" <marka@isc.org> To: "Roland Dobbins" <rdobbins@arbor.net> Cc: nanog@nanog.org Sent: Monday, September 26, 2016 11:43:36 PM Subject: Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey In message <B796C128-AFDF-45A1-B5AF-C29BFF06E54B@arbor.net>, Roland Dobbins wri tes:
On 27 Sep 2016, at 6:58, Christopher Morrow wrote:
wouldn't something as simple as netflow/sflow/ipfix synthesized on the CPE and kept for ~30mins (just guessing) in a circular buffer be 'good enough' to present a pretty clear UI to the user?
+1 for this capability in CPE.
OTOH, it will be of no use whatsoever to the user. Providing the user with access to anomalous traffic feeds won't help, either.
Users aren't going to call in some third-party service/support company, either.
Why not? You call a washing machine mechanic when the washing machine plays up. This is not conceptually different.
It call comes down to the network operator, one way or another. There's no separation in the public mind of 'my network' from 'the Internet' that is analogous to the separation between 'the power company' and 'the electrical wiring in my house/apartment' (and even in that space, the conceptual separation often isn't present).
Actually I don't believe that. They do know what machines they have have connected to their home network. Boxes don't magically connect. Every machine was explictly connected. Mark
----------------------------------- Roland Dobbins <rdobbins@arbor.net> -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org