Death of the Internet, Film at 11

Ray Van Dolson rvandolson at esri.com
Sat Oct 22 22:35:50 UTC 2016


https://urldefense.proofpoint.com/v2/url?u=http-3A__hub.dyn.com_dyn-2Dblog_dyn-2Dstatement-2Don-2D10-2D21-2D2016-2Dddos-2Dattack&d=DQIBAg&c=n6-cguzQvX_tUIrZOS_4Og&r=r4NBNYp4yEcJxC11Po5I-w&m=iGvkbfzRJPqKO1A6YGa-c1m0RBLNkRk03hCjvVGTH3k&s=bScBNFncB3kt_cG0L3iys0mfXBmwwUR7A8rIDmi94D4&e= 

On Sat, Oct 22, 2016 at 04:48:01PM -0500, Mike Hammett wrote:
> Until Dyn says or someone says Dyn said, everything is assumed. 
> 
> ----- Original Message -----
> 
> From: "Peter Baldridge" <petebaldridge at gmail.com> 
> To: "Jean-Francois Mezei" <jfmezei_nanog at vaxination.ca> 
> Cc: nanog at nanog.org 
> Sent: Saturday, October 22, 2016 4:45:13 PM 
> Subject: Re: Death of the Internet, Film at 11 
> 
> On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei 
> <jfmezei_nanog at vaxination.ca> wrote: 
> > Generic question: 
> > 
> > The media seems to have concluded it was an "internet of things" that 
> > caused this DDoS. 
> > 
> > I have not seen any evidence of this. Has this been published by an 
> > authoritative source or is it just assumed? 
> 
> Flashpoint[0], krebs[1], arstechnica[2]. I'm not sure what credible 
> looks like unless they release a packet but this is probably 
> consensus. 
> 
> > Has the type of device involved been identified? 
> 
> routers and cameras with shitty firmware [3] 
> 
> > Is it more plausible that those devices were "hacked" in the OEM
> > firmware and sold with the "virus" built-in? That would explain the
> > widespread attack.
> 
> The source code has been released. krebs [4], code [5] 
> 
> > Also, in cases such as this one, while the target has managed to
> > mitigate the attack, how long would such an attack typically continue
> > and require blocking?
>
> This is an actual question that hasn't been answered.
> 
> > Since the attack seemed focused on eastern USA DNS servers, would it be
> > fair to assume that the attacks came mostly from the same region (aka:
> > devices installed in eastern USA)? (since anycast would point them to
> > that).
> 
> Aren't heat maps just population graphs? 
> 
> > BTW, normally, if you change the "web" password on a "device", it would 
> > also change telnet/SSH/ftp passwords. 
> 
> Seems like no one is doing either. 

