Death of the Internet, Film at 11

Peter Baldridge petebaldridge at
Sat Oct 22 21:45:13 UTC 2016

On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei
<jfmezei_nanog at> wrote:
> Generic question:
> The media seems to have concluded it was an "internet of things" that
> caused this DDoS.
> I have not seen any evidence of this. Has this been published by an
> authoritative source or is it just assumed?

Flashpoint[0], krebs[1], arstechnica[2].  I'm not sure what credible
looks like unless they release a packet but this is probably

> Has the type of device involved been identified?

routers and cameras with shitty firmware [3]

> Is it more plausible that those devices were "hacked" in the OEM
> firmware and sold with the "virus" built-in ? That would explain the
> widespread attack.

The source code has been released. krebs [4], code [5]

> Also, in cases such as this one, while the target has managed to
> mitigate the attack, how long would such an attack typically continue
> and require blocking ?

This is an actual question that hasn't been answered.

> Since the attack seemed focused on eastern USA DNS servers, would it be
> fair to assume that the attacks came mostly from the same region (aka:
> devices installed in eastern USA) ? (since anycast would point them to
> that).

Aren't heat maps just population graphs?

> BTW, normally, if you change the "web" password on a "device", it would
> also change telnet/SSH/ftp passwords.

Seems like no one is doing either.


Pete Baldridge
