Comment by smt88

5 hours ago

It's impossible to stop DDoS attacks because of the first "D".

If a botnet gets access through 500k IP addresses belonging to home users around the world, there's no way you could have prepared yourself ahead of time.

The only real solution is to drastically increase regulation around security updates for consumer hardware.

Maybe that's the case, but it seems like this conclusion is based on the current architecture of the internet. Maybe there are ways of changing it that mean these issues are not a thing!

  • It's not an architectural problem. It's a fundamental issue with trust and distributed systems. The same issues occur in physical spaces, like highways.

    The core issue is that hackers can steal the "identity" of internet customers at scale, not that the internet allows unauthenticated traffic.

Do the IP addresses of botnet members get logged? Could those IP addresses be automatically blocked by DNS until they fix their machine?

  • Let's say your Samsung fridge gets hacked and is now a member of a botnet. How do you detect that before the botnet does something?

    • Why does a fridge need to have rights to initiate a connection to something on the internet?

      Why does a fridge even need to be reachable from the internet? You should have some AI agent for managing your "smart" home. At least that's how sci-fi movies/games show it, e.g. Iron Man or StarCraft II ;)

  • IP addresses aren't unique or stable. You can't use them to identify individual devices.