Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

Merike Kaeo kaeo at merike.com
Tue Mar 4 19:52:02 UTC 2014

On Mar 4, 2014, at 6:54 AM, Valdis.Kletnieks at vt.edu wrote:

> On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
>> Why want to swing such a big hammer.  Even blocking those 2 IP's will
>> isolate your users, and fill your support queue's.
>> Set up a DNS server locally to reply to those IP's  Your customers stay up
>> and running and blissfully unaware.
>> Log the IP's hitting your DNS servers on those IP and have your support
>> reach out to them in a controlled way, or  reply to any request via DNS
>> with an internal host that has a web page explaining what is broken and how
>> they can fix it avoiding  at least some of the calls to your helpdesk.
> Two words: "DNS Changer".  What did we learn from that?

My thoughts exactly.  Some walled gardens set up in those instances.

And don't blindly follow someone's advice without looking at impacts to your

CPE devices are just a huge cesspool.  Any device that already doesn't let you
change username 'admin' is off to a bad start.   We have to get these supposedly
'plug it in and never touch it' devices to be better at firmware upgrades.

- merike

More information about the NANOG mailing list