nanog mailing list archives

Re: IoT security

From: valdis.kletnieks () vt edu
Date: Thu, 09 Feb 2017 15:18:15 -0500

On Thu, 09 Feb 2017 14:54:26 -0500, William Herrin said:

Is there some way an industry association could overcome this? Perhaps
have some trivial way to assign each model of IoT device some kind of
integer and have the device report the integer instead of its plain
text manufacturer and hardware model number? Where the assigned
integer is intentionally not published by the industry association
though of course trivially determinable by anyone who owns one of the
devices.


Or anybody who knows how to use the internet to look for reports of owners who
have issues.  All it takes is one smarter than the average bear user posting
"I've got a MobyWombat 3000 light bulb, and it keeps sending 1193432542 to some
server someplace...."

Wouldn't especially impair building a database of vulnerable
devices but it would raise the bar for trying to turn the


If it doesn't *heavily* impair building a database of vulnerable devices,
it's not a solution to the problem under discussion.

Attachment: _bin
Description:

Current thread:

Re: IoT security, (continued)
- - - Re: IoT security clinton mielke (Feb 08)
    - Re: IoT security valdis . kletnieks (Feb 08)
    - Re: IoT security clinton mielke (Feb 08)
    - Re: IoT security valdis . kletnieks (Feb 09)
    - Re: IoT security clinton mielke (Feb 09)
    - Re: IoT security Marco Slater (Feb 10)
    - Re: IoT security clinton mielke (Feb 10)
    - Re: IoT security clinton mielke (Feb 10)
    - Re: IoT security Rich Kulawiec (Feb 09)
    - Re: IoT security William Herrin (Feb 09)
    - Re: IoT security valdis . kletnieks (Feb 09)
    - Re: IoT security bzs (Feb 09)
    - Re: IoT security William Herrin (Feb 07)
    - Re: IoT security Michael Thomas (Feb 07)
- Re: IoT security Ray Soucy (Feb 07)
  - RE: IoT security Keith Medcalf (Feb 09)
  - Re: IoT security Rich Kulawiec (Feb 10)
- Re: IoT security Michael Yoon (Feb 08)