Hackers hijack 300,000-plus wireless routers, make malicious changes | Ars Technica

Warren Bailey wbailey at satelliteintelligencegroup.com
Tue Mar 4 19:59:57 UTC 2014


I don't know that they have a lot of motivation to support "legacy" access
points. The home brew guys tend to magically "find" ways to install
software on these POS CPE AP/Router combos, which I don't think is a
coincidence. The linksys types of the world want to sell more routers, not
make routers that suddenly have an amazing 8 year shelf life. Most people
get tired of that POS box that gives them internet not working, and buy a
new LESS POS with whatever 802.xxx of the week/month/year/shopping season.
The margins probably really suck if you support a piece of plastic longer
than __ months, so I doubt you'll see anyone supporting their cheap box
any time soon. I bet if you offered them a way to do it for free, they'd
look at it ;)


On 3/4/14, 11:52 AM, "Merike Kaeo" <kaeo at merike.com> wrote:

>
>On Mar 4, 2014, at 6:54 AM, Valdis.Kletnieks at vt.edu wrote:
>
>> On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
>>> Why want to swing such a big hammer.  Even blocking those 2 IPs will
>>> isolate your users, and fill your support queues.
>>>
>>> Set up a DNS server locally to reply to those IPs.  Your customers stay up
>>> and running and blissfully unaware.
>>>
>>> Log the IPs hitting your DNS servers on those IPs and have your support
>>> reach out to them in a controlled way, or reply to any request via DNS
>>> with an internal host that has a web page explaining what is broken and how
>>> they can fix it, avoiding at least some of the calls to your helpdesk.
>> 
>> Two words: "DNS Changer".  What did we learn from that?
>
>My thoughts exactly.  Some walled gardens set up in those instances.
>
>And don't blindly follow someone's advice without looking at impacts to your
>networks.
>
>CPE devices are just a huge cesspool.  Any device that already doesn't let you
>change username 'admin' is off to a bad start.  We have to get these supposedly
>'plug it in and never touch it' devices to be better at firmware upgrades.
>
>- merike
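
The logging step proposed in the quoted thread (record which customers are still sending DNS queries to the hijacked resolver addresses so support can contact them) could look like the sketch below. This is an added example, not part of the original messages; the resolver addresses are documentation-range placeholders because the thread does not list them, and the log format and function names are assumptions.

```python
import ipaddress

# Placeholders: the thread does not give the two rogue resolver addresses.
ROGUE_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("198.51.100.53"),
}

# Constructed sample log, assumed format:
# "<UTC timestamp> <client ip> <destination ip> <qname> <qtype>"
SAMPLE_LOG = """\
2014-03-04T14:01:07Z 10.20.0.15 192.0.2.53 www.example.com A
2014-03-04T14:01:09Z 10.20.0.15 198.51.100.53 mail.example.net MX
2014-03-04T14:02:30Z 10.20.3.8 10.0.0.53 www.example.org A
2014-03-04T14:03:44Z 10.20.7.201 192.0.2.53 cdn.example.com AAAA
garbage line that should be skipped
2014-03-04T14:05:12Z 10.20.0.15 192.0.2.53 www.example.com A
"""

def affected_clients(log_text, rogue=ROGUE_RESOLVERS):
    """Map each client that queried a rogue address to its query count
    and first/last seen timestamps."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed or truncated entry
        ts, client, dest, _qname, _qtype = fields
        try:
            client_ip = ipaddress.ip_address(client)
            dest_ip = ipaddress.ip_address(dest)
        except ValueError:
            continue  # not an IP address, skip rather than crash
        if dest_ip not in rogue:
            continue  # query went to a legitimate resolver
        rec = hits.setdefault(
            str(client_ip), {"queries": 0, "first_seen": ts, "last_seen": ts})
        rec["queries"] += 1
        # Fixed-width UTC timestamps sort correctly as strings.
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
    return hits

def support_queue(hits):
    """Order affected clients by query volume, busiest first."""
    return sorted(hits, key=lambda ip: (-hits[ip]["queries"],
                                        ipaddress.ip_address(ip)))

if __name__ == "__main__":
    found = affected_clients(SAMPLE_LOG)
    for ip in support_queue(found):
        print(ip, found[ip])
```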



