nanog mailing list archives
Re: Spitballing IoT Security
From: Laszlo Hanyecz <laszlo () heliacal net>
Date: Fri, 28 Oct 2016 00:48:09 +0000
On 2016-10-27 23:24, Ronald F. Guilmette wrote:
I put forward what I think is a reasonbly modest scheme to try to get IoT things to place hard limits on their "unsolicited" packet output at the kernel level, and I'm going to go off now and try to find and then engage some Linux embedded kernel people and see what they think. Maybe the whole thing is a dumb idea and not worth persuing, but I'm not con- vinced of that yet. So I'll go off, investigate in some more appropriate forum, and report back here if/when I have anything useful to say. Hacking embedded kernels to make them fault-tolerant, even in the event of attackers getting a root shell prompt, isn't going to save the world from DDoS attacks, but it may be one small part of the solution. Regards, rfg
This doesn't make sense to me. When the device is compromised, the default software with the restrictions will just be reconfigured or replaced. This process is similar to installing DD-WRT, or even a simple update from the vendor, for example. Botnets download and install the software they require and often they close the original infection vector to prevent another botnet from reinfecting. Check out the Mirai source code that was posted.
-Laszlo
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security Chris Boyd (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security tim () pelican org (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security knack via NANOG (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Ken Matlock (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Laszlo Hanyecz (Oct 27)
- Re: Spitballing IoT Security bzs (Oct 26)
- Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
- Re: Spitballing IoT Security Josh Reynolds (Oct 26)
- Re: Spitballing IoT Security Randy Bush (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Death of the Internet, Film at 11 bzs (Oct 24)
- Re: Death of the Internet, Film at 11 Mike Hale (Oct 24)
- Re: Death of the Internet, Film at 11 bzs (Oct 25)
- Re: Death of the Internet, Film at 11 John Weekes (Oct 24)