Spitballing IoT Security

Jean-Francois Mezei jfmezei_nanog at vaxination.ca
Tue Oct 25 08:37:19 UTC 2016

On 2016-10-25 04:10, Ronald F. Guilmette wrote:

> If all of the *&^%$# damn stupid vacation pet feeders had originally shipped
> with outbound rate limits hard-coded in the kernel, maybe this could have
> been avoided.

I view this differently.

The problem is in allowing inbound connections and going as far as doing
UPnP to tell the CPE router to open an inbound door to let hackers log in
to that IoT pet feeder to turn it into an aggressive DNS destroyer.

Then again, you need to have the owner access the pet feeder from the
remote beach to feed the dog.

One way around this is for the pet feeder to initiate an outbound
connection to a central server, and have the pet owner connect to that
server to ask the server to send a command to his pet feeder to feed the dog.

This way, there need not be any inbound connection to the pet feeder.
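
The outbound-only design described in the message above, sketched as an added example that is not part of the original post: the feeder dials out to a relay and keeps that connection open, the owner's command travels back down it, and a direct connection attempt to the feeder is refused because nothing on it listens. The `DEVICE`/`CMD` line protocol, the name `feeder1` and the loopback addresses are constructed for this sketch, which omits the authentication and TLS a real relay would need.

```python
import queue
import socket
from concurrent.futures import ThreadPoolExecutor

def relay(srv):
    """Central server: the only party that accepts connections."""
    devices = {}
    for _ in range(2):  # demo: one feeder registers, then one owner commands
        conn, _ = srv.accept()
        parts = conn.makefile().readline().split()
        if len(parts) == 2 and parts[0] == "DEVICE":
            devices[parts[1]] = conn  # keep the feeder's outbound socket open
            continue
        ok = len(parts) == 3 and parts[0] == "CMD" and parts[1] in devices
        if ok:  # push the command down the connection the feeder opened
            devices[parts[1]].sendall(parts[2].encode() + b"\n")
        conn.sendall(b"sent\n" if ok else b"rejected\n")
        conn.close()
    for dev in devices.values():
        dev.close()

def feeder(relay_addr, local_addr):
    """Pet feeder: dials out only; it never calls bind() or listen()."""
    with socket.create_connection(relay_addr) as s:
        s.sendall(b"DEVICE feeder1\n")
        local_addr.put(s.getsockname())  # report our address for the probe below
        return s.makefile().readline().strip()  # block until a command arrives

def direct_connect_refused(addr):
    """Probe the feeder's own address; bind first to stay off its source port."""
    try:
        socket.create_connection(addr, 2, ("127.0.0.1", 0)).close()
    except ConnectionRefusedError:
        return True
    return False

def run_demo():
    local_addr = queue.Queue()
    with socket.create_server(("127.0.0.1", 0)) as srv, ThreadPoolExecutor() as pool:
        srv.settimeout(5)  # never hang in accept() if a peer fails to show up
        pool.submit(relay, srv)
        dev = pool.submit(feeder, srv.getsockname(), local_addr)
        refused = direct_connect_refused(local_addr.get(timeout=5))
        with socket.create_connection(srv.getsockname()) as owner:
            owner.sendall(b"CMD feeder1 feed\n")  # owner talks to the relay only
            reply = owner.makefile().readline().strip()
        return refused, reply, dev.result(timeout=5)

if __name__ == "__main__":
    print(run_demo())
```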
