A good mitigation strategy is giving people 1Gbps down, over DOCSIS 3.1, that nobody can ever actually hit, and overselling significantly on top of that. Then, doing the same with upload, but only offering around 30Mbps up.
It's my understanding that 1000/30 isn't an artificial limitation. The coax lines have limited bandwidth such that 1000/1000 per customer just isn't possible. They could split it different ways, of course, but since historically most customers download far more than they upload the 1000/30 became standard among consumer ISPs.
Not that ISPs aren't evil. They were paid to run fiber everywhere, such that everyone would have 1000/1000 fiber links by now. But such as it is.
DOCSIS is asymmetrical, but my understanding is that 3.1 could theoretically handle 10000/1000 with all channels. I’m sure the infrastructure in many places wouldn’t be able to do that, but I have a feeling they could do better than 30.
Counter-suggestion: make the FCC regulate IoT. Whenever a person's appliance enters a botnet, suspend his connection until said appliance is removed and fine the person if the device wasn't FCC approved.
There, no more botnets inside the US. The rest of the world to go.
Appliances sold in the US already have to prove they don't create harmful EMF emissions. It wouldn't be much of a stretch to add minimum security requirements to avoid harmful "data emissions" to that same certification process.
Sure you can. But the instant they're part of a botnet attacking someone, you, its owner, should have to do something about it. We have fire code to regulate what people build so they're not a death trap and this wouldn't be so different.
I wouldn't. But when the device, which happens to be running Windows, takes part in a DDoS attack, I wish we could do something about that, rather than have to buy our way out of the problem by having a bigger pipe and sinking traffic, because it means that you have to be blessed by the powers that be of the Internet (Cloudflare, AWS, GCP, etc.) in order to stay online in the face of a DDoS attack.
Coax cable is limited to 10 Gbps (DOCSIS 3.1) and is shared with many houses/apartments (can easily be a few hundred modems) in a neighborhood. Theoretically only 10 people can use 1 Gbps at any one time, in practice probably even less.
In general, no. Unless you start affecting their internal network. If you keep the traffic rather moderate a home connection can spew traffic for months on end.
They do! I have a fast fiber connection. I have had an ISP sec/ops guy literally call me and ask about my traffic patterns. He was more curious than anything -- but they do monitor strange patterns. I agreed to turn off my crawlers and explained it wasn't a botnet.
Some have, but it's usually signature-based. If a customer has an infection with a known worm (all I've seen were Windows-based) it's matched by some signature and the connection is isolated. From then on all web traffic is redirected to the ISP's service portal helping the customer install an antivirus solution.
At least that’s how it feels in the U.S.