Spitballing IoT Security

Ronald F. Guilmette rfg at tristatelogic.com
Thu Oct 27 23:24:07 UTC 2016

In message <CAF-Wqd5kuxZwFZ5gwCP9-k7chX6y06JMoMoZdvP_i2oRvbmFUg at mail.gmail.com>
Ken Matlock <matlockken at gmail.com> wrote:

>Fixing the current wave of 'IoT' devices and phones and TVs etc is only
>putting a bandaid on a broken arm. It gives the illusion of progress...

>Until we accept that it's *everyone's* problem and work to fix the things
>under our control and work as an advocate for the other layers, we will
>continue to suffer attacks.


Even if we could snap our fingers and fix the whole morass that is
the IoT problem tomorrow, that still wouldn't prevent dumb consumers
from pulling their dusty old Windows XP laptops out of their
closets and hooking them up directly to the Internet.  Nor would it
do anything about the small ISPs that have "mailbox full" [email protected]
addresses, or the even larger ISPs that allow deliberately spoofed
packets out onto the public Internet, or the Tier 1s that still peer
with known utterly irresponsible ASNs.

But, ya know, you gotta start someplace.  And we can't let the perfect
be the enemy of the good.  That just won't wash anymore, I think.  Not
after last Friday.

I put forward what I think is a reasonably modest scheme to try to get
IoT things to place hard limits on their "unsolicited" packet output at
the kernel level, and I'm going to go off now and try to find and then
engage some Linux embedded kernel people and see what they think.  Maybe
the whole thing is a dumb idea and not worth pursuing, but I'm not
convinced of that yet.  So I'll go off, investigate in some more appropriate
forum, and report back here if/when I have anything useful to say.

Hacking embedded kernels to make them fault-tolerant, even in the event
of attackers getting a root shell prompt, isn't going to save the world
from DDoS attacks, but it may be one small part of the solution.


P.S.  In the scheme I proposed, I left out one additional nicety that
embedded kernels could also do to enhance security, namely disabling
raw sockets completely in the kernel.  No normal IoT thing needs the
ability to forge outbound packets.  But I would be willing to bet my
bottom dollar, right now, that if we poked around long enough we could
surely find some easily break-in-able busybox-based thingies out there,
right now, as we speak, into which a binary could be dropped that would
have no trouble at all opening raw outbound sockets.

BCP38 for toasters anyone?
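
Added example (not part of the original message): an audit sketch for the raw-socket point in the P.S. It uses Linux capabilities rather than the kernel-level removal the message proposes: opening a raw socket requires CAP_NET_RAW (capability 13), so this lists processes whose effective set still carries it. The function names are hypothetical.

```shell
#!/bin/sh
# CAP_NET_RAW is capability number 13 in linux/capability.h; a process
# needs it to open raw (SOCK_RAW) or packet sockets.
CAP_NET_RAW_BIT=13

# has_net_raw MASK
# Succeeds if the hex capability mask (as printed in /proc/PID/status)
# has the CAP_NET_RAW bit set.
has_net_raw() {
    [ $(( (0x$1 >> CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# audit_status FILE...
# Reads /proc/PID/status style files and prints "pid name" for every
# process whose effective capability set (CapEff) includes CAP_NET_RAW.
audit_status() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Name may contain spaces; only its first word is reported.
        awk '/^Name:/ {n=$2} /^Pid:/ {p=$2} /^CapEff:/ {c=$2}
             END {print p, c, n}' "$f"
    done | while read -r pid mask name; do
        [ -n "$mask" ] || continue
        if has_net_raw "$mask"; then
            echo "$pid $name"
        fi
    done
    return 0
}

# On a device: audit_status /proc/[0-9]*/status
```

An empty result means no running process can currently open a raw socket; anything listed is a candidate for dropping CAP_NET_RAW or for running unprivileged.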
