nanog mailing list archives
Re: Death of the Internet, Film at 11
From: Mike Hammett <nanog () ics-il net>
Date: Sat, 22 Oct 2016 16:48:01 -0500 (CDT)
Until Dyn says or someone says Dyn said, everything is assumed. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Peter Baldridge" <petebaldridge () gmail com> To: "Jean-Francois Mezei" <jfmezei_nanog () vaxination ca> Cc: nanog () nanog org Sent: Saturday, October 22, 2016 4:45:13 PM Subject: Re: Death of the Internet, Film at 11 On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei <jfmezei_nanog () vaxination ca> wrote:
Generic question: The media seems to have concluded it was an "internet of things" that caused this DDoS. I have not seen any evidence of this. Has this been published by an authoritative source or is it just assumed?
Flashpoint[0], krebs[1], arstechnica[2]. I'm not sure what credible looks like unless they release a packet but this is probably consensus.
Has the type of device involved been identified?
routers and cameras with shitty firmware [3]
Is it more plausible that those devices were "hacked" in the OEM firmware and sold with the "virus" built-in ? That would explain the widespread attack.
The source code has been released. krebs [4], code [5]
Also, in cases such as this one, while the target has managed to mitigate the attack, how long would such an attack typically continue and require blocking ?
This is an actual question that hasn't been answered.
Since the attack seemed focused on eastern USA DNS servers, would it be fair to assume that the attacks came mostly from the same region (aka: devices installed in eastern USA) ? (since anycast would point them to that).
Aren't heat maps just population graphs?
BTW, normally, if you change the "web" password on a "device", it would also change telnet/SSH/ftp passwords.
Seems like no one is doing either. [0] https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns-ddos-attacks/ [1] https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ [2] http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/ [3] https://blog.sucuri.net/2016/09/iot-home-router-botnet-leveraged-in-large-ddos-attack.html [4] https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ [5] https://github.com/jgamblin/Mirai-Source-Code -- Pete Baldridge 206.992.2852
Current thread:
- Re: Death of the Internet, Film at 11, (continued)
- Re: Death of the Internet, Film at 11 Chris Boyd (Oct 22)
- Re: Death of the Internet, Film at 11 jim deleskie (Oct 22)
- Re: Death of the Internet, Film at 11 Stephen Satchell (Oct 22)
- Re: Death of the Internet, Film at 11 Luke Guillory (Oct 22)
- Re: Death of the Internet, Film at 11 jim deleskie (Oct 22)
- Re: Death of the Internet, Film at 11 Luke Guillory (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 Jean-Francois Mezei (Oct 22)
- Re: Death of the Internet, Film at 11 Mel Beckman (Oct 22)
- Re: Death of the Internet, Film at 11 Peter Baldridge (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 Ray Van Dolson (Oct 22)
- Re: Death of the Internet, Film at 11 Mike Hammett (Oct 22)
- Re: Death of the Internet, Film at 11 Jean-Francois Mezei (Oct 22)
- Re: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 23)
- Re: Death of the Internet, Film at 11 Valdis . Kletnieks (Oct 23)
- Re: Death of the Internet, Film at 11 Rich Kulawiec (Oct 24)
- Re: Death of the Internet, Film at 11 sthaug (Oct 23)
- Re: Death of the Internet, Film at 11 Mark Andrews (Oct 22)
- Message not available
- Message not available
- Re: Death of the Internet, Film at 11 Josh Reynolds (Oct 22)
- Re: Death of the Internet, Film at 11 Mark Foster (Oct 22)