Spitballing IoT Security

Laszlo Hanyecz laszlo at heliacal.net
Fri Oct 28 00:48:09 UTC 2016


On 2016-10-27 23:24, Ronald F. Guilmette wrote:
> I put forward what I think is a reasonably modest scheme to try to get
> IoT things to place hard limits on their "unsolicited" packet output at
> the kernel level, and I'm going to go off now and try to find and then
> engage some Linux embedded kernel people and see what they think.  Maybe
> the whole thing is a dumb idea and not worth pursuing, but I'm not
> convinced of that yet.  So I'll go off, investigate in some more appropriate
> forum, and report back here if/when I have anything useful to say.
>
> Hacking embedded kernels to make them fault-tolerant, even in the event
> of attackers getting a root shell prompt, isn't going to save the world
> from DDoS attacks, but it may be one small part of the solution.
>
>
> Regards,
> rfg

This doesn't make sense to me.  When the device is compromised, the 
default software with the restrictions will just be reconfigured or 
replaced.  This process is similar to installing DD-WRT, or even a 
simple update from the vendor, for example.  Botnets download and 
install the software they require and often they close the original 
infection vector to prevent another botnet from reinfecting.  Check out 
the Mirai source code that was posted.

-Laszlo


