Hacker News
by webscaleizfun 3519 days ago
Interesting idea, but then you are essentially forcing everyone to go through their upstream provider or Google's DNS servers, since when DDoS attacks occur, smaller networks won't be in your 8000-resolver whitelist.

Part of me thinks this is just the author building another wall, since now the DDoS will just attack ISP DNS servers instead, and worse yet, quite a few of those compromised IoT devices are on those same ISPs' networks, providing even better connectivity and potential throughput compared to congested peering.

Perhaps we should be taking a different path. Instead of letting Qualcomm, Broadcom and their ilk continue to build massive out-of-tree branches of the Linux kernel and never mainline their changes, thus preventing effective long-term support for said hardware, we should seek to force them to properly mainline their code, so that when the vendors using their chips drop support, all these vulnerable IoT devices aren't permanently sitting there vulnerable.

Otherwise, the future is bleak for your smart toaster. It's likely gonna join a botnet sooner or later; just a matter of time ultimately.

3 comments

> Otherwise, the future is bleak for your smart toaster

Well, no. The smart toaster is going to be just fine. And that's the core of the problem here. Much like it is the case with polluting diesel cars, owners are reasonably happy with their purchase and simply unaware of any problem (until/unless the product is recalled). And even being aware, there is very little incentive for owners to address the issue of their property subtly contributing to harming somebody else.

And the same again with much-needed BCP-38. It adds very, very little value to the ISP who implements it, so many never bother to. Yet less-than-universal roll-out of BCP-38 hurts the Internet as a whole.

Also, switching to ISP DNS is a non-starter if you're stuck with a provider that thinks DNS hijacking is totes OK:

https://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_...

The best part of TWC's surely-you-wanted-these-ads-instead-of-an-NXDOMAIN system? The servers they use are laggy and unreliable!
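The NXDOMAIN-rewriting behaviour complained about above can be checked directly: query the resolver for a name that cannot exist and see whether it answers with NXDOMAIN (rcode 3) or with a synthesized A record (rcode 0) pointing at an ad server. The following is an added example written for this page, not code from the thread or from any ISP or resolver; it uses a small hand-written DNS message builder and parser (stdlib only) so the check runs offline on two constructed replies. The probe-name format, the transaction id and the 192.0.2.10 "ad server" address are all assumptions made up for the demo; `probe_resolver()` does a live UDP query and is the only function that touches the network.

```python
"""Detect NXDOMAIN rewriting (ISP DNS hijacking) by probing a resolver.

Added example, not from the original thread. Builds an A query for a
random name that should not exist, parses the reply with a minimal DNS
parser, and flags a reply that carries an A record (rcode 0) for that
name instead of NXDOMAIN (rcode 3). Demo replies are constructed inline.
"""
import secrets
import socket
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels, terminated by a zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qid: int) -> bytes:
    """Standard recursive A query: 12-byte header plus one question, no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg: bytes, off: int) -> tuple:
    """Decode a (possibly compressed) name at `off`; return (name, end offset)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if not jumped:
                end = off + 2  # caller resumes right after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections of a DNS reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((rname, rtype, ttl, rdata))
    return {"id": qid, "rcode": flags & 0x000F,
            "questions": questions, "answers": answers}


def classify(reply: dict, probe: str) -> str:
    """'nxdomain' is the honest answer for a nonexistent name;
    'hijacked' means the resolver synthesized an A record for it."""
    a_for_probe = [a for a in reply["answers"]
                   if a[1] == TYPE_A and a[0].lower() == probe.lower()]
    if reply["rcode"] == RCODE_NXDOMAIN:
        return "nxdomain"
    if reply["rcode"] == RCODE_NOERROR and a_for_probe:
        return "hijacked"
    return "other"


def build_response(query: bytes, rcode: int, a_records: list) -> bytes:
    """Fabricate a reply to `query` (used only to construct demo input)."""
    qid, _f, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, qd, len(a_records), 0, 0)
    rrs = b""
    for ip in a_records:  # owner name = pointer to the question name at offset 12
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
        rrs += socket.inet_aton(ip)
    return header + query[12:] + rrs


def probe_name() -> str:
    """Random label that no honest resolver should be able to resolve (assumed format)."""
    return "nx-" + secrets.token_hex(12) + ".example.com"


def probe_resolver(resolver_ip: str, timeout: float = 2.0) -> str:
    """Live check: send one UDP probe to `resolver_ip` and classify the reply."""
    name, qid = probe_name(), secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != qid:
        raise ValueError("transaction id mismatch")
    return classify(reply, name)


def demo() -> dict:
    """Offline demo: the same probe answered honestly and by a rewriting resolver."""
    name = probe_name()
    q = build_query(name, 0x1234)
    honest = build_response(q, RCODE_NXDOMAIN, [])
    rewritten = build_response(q, RCODE_NOERROR, ["192.0.2.10"])  # constructed ad-server IP
    return {"honest": classify(parse_response(honest), name),
            "rewritten": classify(parse_response(rewritten), name)}
```

Run `probe_resolver("<your ISP resolver>")` a few times with fresh random names; a resolver that returns "hijacked" is substituting its own A record where the authoritative servers said NXDOMAIN, which is exactly what breaks tools that rely on a clean negative answer. The random label matters: a fixed test name could be special-cased by the ISP, and a reply is only counted as hijacked when the A record's owner name matches the probed name.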

Ingress WAN traffic to my smart toaster is dropped at the router.