nanog mailing list archives
Re: Death of the Internet, Film at 11
From: John Weekes <jw () nuclearfallout net>
Date: Sat, 22 Oct 2016 22:17:40 -0700
Ok, so this mailing list is a list of network operators. Swell. Every network operator who can do so, please raise your hand if you have *recently* scanned you own network and if you can -honestly- attest that you have taken all necessary steps to insure that none of the numerous specific types of CCVT thingies that Krebs and others identified weeks or months ago as being fundamentally insecure can emit a single packet out onto the public Internet.
Most of the time, scanning of your customers isn't strictly necessary, though it certainly won't hurt.
That's because attackers will scan your network /for /you, compromise the hosts, and use them to attack. When they inevitably attack one of my customers, I'll send you an abuse email. Some other networks do the same. So if you want to help, the real keys are to make sure that you disallow spoofing, that the RIR has up-to-date contact information for your organization, and that you handle abuse notifications effectively.
Large IoT botnets have been used extensively this year, launching frequent 100+ Gbps attacks (they were also used in prior years, but it wasn't to the degree that we've seen since January 2016). I've recorded about 2.4 million IP addresses involved in the last two months (a number that is higher than the number of actual devices, since most seem to have dynamic IP addresses). The ISPs behind those IP addresses have received notifications via email, so if you haven't heard anything, you're probably in good shape, assuming the RIR has the right abuse address on file for you.
The bulk of the compromised devices are non-NA. In a relatively small 40 Gbps IoT attack a couple of days ago, we saw about 20k devices, for instance, and most were from a mix of China, Brazil, Russia, Korea, and Venezuela.
-John
Current thread:
- Re: Death of the Internet, Film at 11, (continued)
- Re: Death of the Internet, Film at 11 jim deleskie (Oct 23)
- Re: Death of the Internet, Film at 11 bzs (Oct 23)
- Re: Death of the Internet, Film at 11 Martin Hannigan (Oct 23)
- Re: Death of the Internet, Film at 11 bzs (Oct 23)
- Re: Death of the Internet, Film at 11 Jean-Francois Mezei (Oct 23)
- Re: Death of the Internet, Film at 11 Aaron C. de Bruyn via NANOG (Oct 23)
- Re: Death of the Internet, Film at 11 Jean-Francois Mezei (Oct 23)
- Re: Death of the Internet, Film at 11 Eric S. Raymond (Oct 23)
- Re: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 23)
- Re: Death of the Internet, Film at 11 bzs (Oct 23)
- Re: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 23)
- Re: Death of the Internet, Film at 11 Stephen Satchell (Oct 23)
- Re: Death of the Internet, Film at 11 David Conrad (Oct 23)
- Re: Death of the Internet, Film at 11 Stephen Satchell (Oct 23)