Death of the Internet, Film at 11

Mike Hammett nanog at ics-il.net
Sat Oct 22 21:48:01 UTC 2016 

Until Dyn says or someone says Dyn said, everything is assumed. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Peter Baldridge" <petebaldridge at gmail.com> 
To: "Jean-Francois Mezei" <jfmezei_nanog at vaxination.ca> 
Cc: nanog at nanog.org 
Sent: Saturday, October 22, 2016 4:45:13 PM 
Subject: Re: Death of the Internet, Film at 11 

On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei 
<jfmezei_nanog at vaxination.ca> wrote: 
> Generic question: 
> 
> The media seems to have concluded it was an "internet of things" that 
> caused this DDoS. 
> 
> I have not seen any evidence of this. Has this been published by an 
> authoritative source or is it just assumed? 

Flashpoint[0], krebs[1], arstechnica[2]. I'm not sure what credible 
looks like unless they release a packet but this is probably 
consensus. 

> Has the type of device involved been identified? 

routers and cameras with shitty firmware [3] 

> Is it more plausible that those devices were "hacked" in the OEM 
> firmware and sold with the "virus" built-in ? That would explain the 
> widespread attack. 

The source code has been released. krebs [4], code [5] 

> Also, in cases such as this one, while the target has managed to 
> mitigate the attack, how long would such an attack typically continue 
> and require blocking ? 
This is an actual question that hasn't been answered. 

> Since the attack seemed focused on eastern USA DNS servers, would it be 
> fair to assume that the attacks came mostly from the same region (aka: 
> devices installed in eastern USA) ? (since anycast would point them to 
> that). 

Aren't heat maps just population graphs? 

> BTW, normally, if you change the "web" password on a "device", it would 
> also change telnet/SSH/ftp passwords. 

Seems like no one is doing either. 

[0] https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns-ddos-attacks/ 
[1] https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ 
[2] http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/ 
[3] https://blog.sucuri.net/2016/09/iot-home-router-botnet-leveraged-in-large-ddos-attack.html 
[4] https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ 
[5] https://github.com/jgamblin/Mirai-Source-Code 
-- 

Pete Baldridge 
206.992.2852

More information about the NANOG mailing list