nanog mailing list archives
RE: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
From: Ian McDonald <iam () st-andrews ac uk>
Date: Tue, 4 Mar 2014 18:33:46 +0000
Until the average user's cpe is only permitted to use the resolvers one has provided as the provider (or otherwise decided are OK), this is going to be a game of whackamole. So long as there's an 'I have a clue' opt out, it appears to be the way forward to resolve this issue. Shutting down one set of 'bad resolvers' will simply cause a new set to be spawned, and a reinfection run round the still-unpatched cpe's of the world. Thanks -- ian Sent from my phone, please excuse brevity and misspelling. ________________________________ From: Octavio Alvarez<mailto:alvarezp () alvarezp ods org> Sent: 04/03/2014 18:09 To: jim deleskie<mailto:deleskie () gmail com>; Andrew Latham<mailto:lathama () gmail com> Cc: nanog () nanog org<mailto:nanog () nanog org> Subject: Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica On 03/04/2014 05:28 AM, jim deleskie wrote:
Why want to swing such a big hammer. Even blocking those 2 IP's will isolate your users, and fill your support queue's.
When the malicious DNS services get shutdown you will still have your support queue's filled, anyway. Doing it now will let you identify those affected. Blockage doesn't have to be all-or-nothing. It can be incremental, selective or all-or-nothing on some time windows. Better now than later.
Current thread:
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica, (continued)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Andrew Latham (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Davide Davini (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Andrew Latham (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica jim deleskie (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Valdis . Kletnieks (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Merike Kaeo (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Warren Bailey (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Niels Bakker (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Andrew Latham (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Jay Ashworth (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Octavio Alvarez (Mar 04)
- RE: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Ian McDonald (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Brandon Galbraith (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Jimmy Hess (Mar 04)
- Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica Octavio Alvarez (Mar 04)