IoT security

clinton mielke clinton.mielke at
Thu Feb 9 05:04:07 UTC 2017

Having spent the last few months systematically scanning ~700k of these
hosts, Im thinking the following could be considered:

As an ISP, scan your customers netrange, and notify customers with known
vulnerable devices. With regards to the current Mirai threat, theres only a
handful of devices that are the most critical importance. IE, biggest
fraction of the infected host pie.

Maybe someday I'll get around to parsing my database and auto-emailing the
abuse emails of the affected netranges. That was my intention..... but
dayjob got in the way.

This breaks down however when you look at the geographic distribution of
infected devices. Most are in Asian countries, so there would need to be
more cooperation among network operators there.

On Wed, Feb 8, 2017 at 6:03 PM, Carl Byington <carl at> wrote:

> Hash: SHA512
> On Wed, 2017-02-08 at 08:30 -0800, Damian Menscher wrote:
> > So here's a modest proposal: log in as root and brick the
> > device.
> I strongly suspect that when the problem gets bad *enough*, someone will
> do exactly that. Yes, it is illegal in many places. Since when has the
> fact that any particular act is illegal been sufficient to deter
> *everyone*?
> People still drive while drunk.
> Version: GnuPG v2.0.14 (GNU/Linux)
> iEYEAREKAAYFAlibzdIACgkQL6j7milTFsH/WgCdEvde+zMvm8lRUyx2ay3EltZT
> 97kAn3Hl2tjPe2eUqiagDXxlE75OO/Xg
> =W+Cq

More information about the NANOG mailing list