nanog mailing list archives
Re: Death of the Internet, Film at 11
From: bzs () TheWorld com
Date: Sun, 23 Oct 2016 14:47:50 -0400
I think you make a very good point with the TRS80 etc comment, at least implicitly: it's not just the vulnerable IoT devices, some sort of infrastructure is needed to get the attack going at the volume we've seen. And perhaps therein lies an answer.

On October 22, 2016 at 16:47 jfmezei_nanog () vaxination ca (Jean-Francois Mezei) wrote:
Generic question:

The media seems to have concluded it was an "internet of things" that caused this DDoS. I have not seen any evidence of this. Has this been published by an authoritative source or is it just assumed?

Has the type of device involved been identified?

I am curious on how some hacker in basement with his TRS80 or Commodore Pet would be able to reach "billions" of these devices to reprogram them. Vast majority of homes are behind NAT, which means that an incoming packet has very little chance of reaching the IoT gizmo.

I am guessing/hoping such devices have been identified and some homeowners contacted and asked to volunteer their device for forensic analysis of where the attack came from?

Is it more plausible that those devices were "hacked" in the OEM firmware and sold with the "virus" built-in? That would explain the widespread attack.

Also, in cases such as this one, while the target has managed to mitigate the attack, how long would such an attack typically continue and require blocking?

Since the attack seemed focused on eastern USA DNS servers, would it be fair to assume that the attacks came mostly from the same region (aka: devices installed in eastern USA)? (since anycast would point them to that).

Or did the attack use actual IP addresses instead of the unicast ones to specifically target servers?

BTW, normally, if you change the "web" password on a "device", it would also change telnet/SSH/ftp passwords.
--
-Barry Shein

Software Tool & Die | bzs () TheWorld com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*