An article from Networld World reads: Largest DDoS attack ever delivered by botnet of hijacked IoT devices details the recent event.
A 600+Gbps DDoS attack from IoT devices is truly remarkable. Moreover, it was not a reflection attack! The target was protected by Akamai, who had to drop them (it was hosted pro-bono) after a few days of sustained attack because it was costing too much.
There are a few elements that might make this event a game changer:
- from now on, people may want to always talk about security in IoT,
- it raises questions about protecting the little guy from DDoS, the customer here found a home at Google’s Project Shield, but obviously this is not scalable, and
- cloud protection from DDoS is not a general solution despite what cloud providers will have you believe.
To me such events bring to focus the weaknesses and fragility of the IP architecture. With billions of IoT devices projected in the future, even one packet/second (or even per minute) from a fraction of these devices would be enough to cause real damage. We all know about the code quality and ease of patching of IoT devices, this will not change.
Maybe Bruce Schneier’s near-apocalyptic thoughts are not too far off.
The NDN team recently published its perspective on intellectual property rights in ICN core protocols, to address questions we are regularly asked by the ICN community and related industries, and to contribute to the “harmonization” dialogue underway in the ICNRG. Feedback and comments are welcome on the ndn-interest mailing list or by other means!
[This post is a repost from https://yoursunny.com/t/2016/ndncert/ written by NDN developer Junxiao Shi]
To publish contents into a Named Data Networking (NDN) backbone network, you need to connect your NFD end host to the NDN Testbed, run a local producer application, and let the world reach your NFD through Automatic Prefix Propagation. However, a limitation with NDN Forwarding Daemon (NFD)’s Automatic Prefix Propagation is that, the prefix registered toward your end host is always the identity name of your certificate. While this works fine when you only have one or two machines, two problems arise when you want to deploy multiple end hosts:
- Every certificate request needs an email verification and manual approval process, which is inconvenient. Or, you can copy your certificate and private key onto every machine, but in case any of these machines is compromised, your one and only private key will be exposed.
- Certificates requested with the same email address have the same “identity name” and hence Automatic Prefix Propagation would register the same prefix. Unless all your machines serve the same contents, registering the same prefix toward all machines hurts network performance because the router has to rely on flooding and probing to figure out which of your machines serves a certain piece of content.