Kevin Brennan - 2025-05-13 09:01:01
Hi everyone, I'm Kevin Brennan from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read them out, please write them in the Q&A window, also stating your affiliation. Otherwise, you can ask questions using the microphone icon.
Please note that all chat transcripts will be archived and made available to the public at https://ripe90.ripe.net/.
The RIPE Code of Conduct: https://www.ripe.net/publications/docs/ripe-766/.
Éric Vyncke - 2025-05-13 09:43:13
I like how Leslie points to some AD attending this meeting ;-)
Aaron Weintraub - 2025-05-13 09:46:32
If this is all about compromised IoT devices and the like, it seems like this should be more focussed at the makers of those devices. Not sure what the real call to action is here from this venue
Éric Vyncke - 2025-05-13 09:47:05
I was thinking the same with the prevalence of D-link devices :-(
Gert Doering - 2025-05-13 09:47:51
someone is reaching out to all these devices, and leaving footprints. Clean up these machines...
Marcus Gerdon - 2025-05-13 09:48:59
I was more wondering where the "it about networks" part is. Given attacks use valid source addresses - which are neeed for bidirectional communication - I'd consider that valid customer traffic from a provider perspective.
Gert Doering - 2025-05-13 09:51:21
That was the message, basically - everyone is free to ignore "customer traffic", and everbody else is free to nullroute IP addresses doing no good, and down it spirals. Cleaning your own backyard makes a better network for everbody.
Aaron Weintraub - 2025-05-13 10:05:14
Is it better to block known C2 servers across the whole Internet or is it better to block (at the CPE) individual machines that are compromised (maybe known via communicating with those C2 servers) ? Problem is if grandmas internet photo frame gets compromised she's not going to be able to fix it, and if you blackhole it she's going to get upset because it doesn't see any more pictures of the grandkids
Gert Doering - 2025-05-13 10:07:11
if the photo frame is not reaching *out* and attacking others, it will not really show up on anyones radar... but if it does, block it, disconnect it, and make sure the vendor gets sufficient bad press
Aaron Weintraub - 2025-05-13 10:11:33
It is interesting to look into the "mandated" CPEs like for DOCSIS and xDSL which have some provider-controlled ability (to prevent DOCSIS modems from blasting RF on the HFC network, for example) and see if that can be leveraged to do more precise blocking of individual devices behind a NAT
Kevin Brennan - 2025-05-13 10:11:49
This session has now ended. Remember to vote for your favourite presentations by Monday, 19 May! Log in to your RIPE NCC Access account on the RIPE 90 website and visit the session pages. If you are logged in, you will see an icon next to a presentation to rate it.
The next session is the Plenary after the coffee break, and it will start at 11am Lisbon time. More info on the RIPE 90 meeting plan: https://ripe90.ripe.net/programme/meeting-plan/
Marcus Gerdon - 2025-05-13 10:13:22
I'm more concerned about the "bad press" the provider will get when pulling hard on their aup and disabling/limiting the contracted service. This is a lot more business related than just tech.
Aaron Weintraub - 2025-05-13 10:37:26
Yes, the current path just seems to make a lot of business for DDOS mitigation companies without actually resolving the base issue
