-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/25/2016 03:46 AM, Mirimir wrote:
On 09/25/2016 01:11 AM, Steve Kinney wrote:
So far every mitigation strategy relevant to "normal" users and use cases that occurs to me would be worse than the original problem.
Yes, it's for sure a hard problem. Any entity resourceful enough to withstand Tbps DDoS is likely a huge privacy risk :(
Filters that positively identify "authorized" senders of packets to any given address range, dropping all not signed by an registered (therefore permitted) user would knock it down. Along with providing for a comprehensive global censorship regimen at the end user level, and yet another PITA barrier to anonymized routing. I see two admittedly regrettable but nonetheless distinguishable outcomes: One where you got a locked down weaponized Interent in State hands, another where your refrigerator and night light can no longer talk to the world because those circuits were disabled or removed . If IOT was a flower, it would be the daisy: Spreads everywhere like the weed it is, and takes the place over if you let it. This problem is so hard it may eventually be necessary to recover the World Of Things from the Internet of Things, like Dave Bowman took the Discovery back over from the HAL 9000. :o)
On the other hand, Krebs has been totally asking for it, for years ;) He's been going after major cybercriminals, who perhaps have major connections with global TLAs. And he's often been a jerk about it. Hugely self-righteous, and humorless. So meh ;)
:o/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJX6IW/AAoJEECU6c5Xzmuq8LMIAI/xv/duS+riGPFnIhxDsq9h OP4BAZNX/kWk9KNjjstuM2Xq9h70OVireQmg9XbaBVG9vkPVoSJ8hKOXv0dAGFIG QLP0rqzDgf5PD4aPag1nNEMy/vlCEEiH2TNpyYrZu5tTvN5T/tO9NrD5k4gR7aRa 017wE3cV+URcm3upzwzUxbj1xbHmD3V1d7Vd1mfrD/EG6XtRpECjx0svY89I/9P4 ZVUxTK10mvjcqnhW8Dl9u6ZF1zpkvbxVTDppWpvlGsxfu0VyZX/cKRizc8dlpzq8 kfOtDG72UxsFBrEc889qlc5luPPWBmTVtr2N462Rwf1ZHkYnle1VMQpB+BOk2ME= =9CqY -----END PGP SIGNATURE-----