Reply to post: Re: DDoS

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear

whitepines Silver badge

Re: DDoS

Fair enough, though a decent NOC should still be able to see the abnormal flow on their network (200 million modems doing constant NTP or DNS lookups with no return flow *should* throw a few alarms).

As to how to mitigate that, I'm not sure. You can't just cut off NTP or DNS, and rate limiting is not going to help much due to the amplification. Any of the obvious solutions (redirect to ISP servers only, block outgoing, blocking IPs with outgoing requests but no incoming data) will either create massive privacy and security problems or result in the helldesk phones ringing off the hook with justified "can't browse" complaints.

It's almost like trusting a third party to develop business critical software might be a bad idea, no?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020