Interesting People mailing list archives

Re: Hacked Cameras, DVRs Powered Today's Massive Internet Outage


From: "Dave Farber" <dave () farber net>
Date: Sun, 23 Oct 2016 21:51:33 -0400

---------- Forwarded message ----------
From: *Brett Glass* <brett () lariat net>
Date: Sunday, October 23, 2016
Subject: [Dewayne-Net] Hacked Cameras, DVRs Powered Today's Massive
Internet Outage
To: dave () farber net


Dave, and everyone:

While my small ISP couldn't do much about the massive denial of service
attacks that plagued the Internet this week (except to answer the phone
calls from frustrated customers who could not use Twitter, Disqus, and
other services which relied on Dyn as a DNS provider), we could at least
make sure that we were not contributing to the attacks -- and we did.

We blocked incoming attacks by the Mirai worm (which was creating the
botnet that executed the DDoS attacks), monitored our network for
vulnerable camera systems that were attempting to participate in it (there
was only one -- a cheap, Chinese DVR rebranded and resold by a company in
New Jersey to one of our rural customers), and set up a honeypot to capture
the code.

The thing which was embarrassing (or should have been) was that the code
for the worm was simpler and easier to analyze than that of the infamous
Morris worm, which was released on the Internet in 1988. It simply
brute-forced certain vulnerable systems via Telnet, using default
passwords, and then wormed its way into the affected systems via the shell.
No need for "stack smashing" exploits or fancy, hand-assembled machine
code; the systems were such sitting ducks that none of that was necessary
to turn them into bots.

The owner of the infected DVR had no idea that he'd bought a vulnerable
piece of equipment, one for which software updates were not available and
whose security holes could not be closed -- only shielded from outside
attacks via a firewall and VPN. He was incredulous that anyone would even
be ALLOWED to sell a device that insecure, or that the FCC -- via its
unwise and illegal "network neutrality" regulations -- would require ISPs
like me to leave them exposed to attacks by default.

As an ISP, an engineer, and an embedded system developer, all I can say is,
"I told you so."

--Brett Glass
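
An added example, not part of the original message and not the author's own tooling: one way an ISP could monitor for a subscriber device taking part in the Telnet brute-force scanning described above, by counting how many distinct outside hosts it contacts on Telnet ports within a short window. The subscriber range, window, threshold, flow-record format and sample records are constructed assumptions, as is the inclusion of port 2323 as an alternate Telnet port.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # 23 = Telnet; 2323 = assumed alternate Telnet port
SUBSCRIBER_NET = ipaddress.ip_network("10.20.0.0/16")  # hypothetical customer range
WINDOW_SECONDS = 60    # hypothetical sliding-window length
MIN_DISTINCT_DSTS = 4  # hypothetical alert threshold

# Constructed sample flow records: "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
1477250000 10.20.7.44 198.51.100.10 23
1477250001 10.20.7.44 198.51.100.77 23
1477250002 10.20.7.44 203.0.113.5 2323
1477250003 10.20.7.44 203.0.113.90 23
1477250005 10.20.7.44 192.0.2.14 23
1477250010 10.20.3.9 198.51.100.10 23
1477250040 10.20.5.5 203.0.113.5 443
1477250000 10.20.8.8 192.0.2.1 23
1477250600 10.20.8.8 192.0.2.2 23
1477251200 10.20.8.8 192.0.2.3 23
1477251800 10.20.8.8 192.0.2.4 23
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples from whitespace-separated records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def find_telnet_scanners(flows, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_DSTS):
    """Return {subscriber_ip: peak distinct outside Telnet destinations per window}."""
    events = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in TELNET_PORTS and src in SUBSCRIBER_NET and dst not in SUBSCRIBER_NET:
            events[src].append((ts, dst))
    suspects = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window past events that are too old
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= threshold:
            suspects[str(src)] = peak
    return suspects
```

On the constructed records, only 10.20.7.44 is flagged; the host with a single Telnet session, the HTTPS client, and the host whose Telnet connections are spread over half an hour stay below the threshold.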


