[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Tim March march.tim at gmail.com
Wed May 29 17:14:04 EST 2013


On 29/05/13 4:31 PM, Joseph Goldman wrote:
> I wouldn't say they were 'advocating' the technique, merely pointing out
> it is the lesser of 2 evils. I'd much rather go through the hassle of
> reconfiguring users routers than dealing with the fallout of customer
> financial details being leaked from my system.
>

The least of all evils is that the carriers block ingress TCP:22/23 
unless otherwise specified while they work with the user base to clean 
things up. Internode do something along these lines where by default a 
bunch of known-bad ports are blocked and users can unblock them via web 
UI where required.

I'm certainly not ADVOCATING malicious action... other than to say that, 
as we've discussed, it would be p!ss easy to execute en masse and that 
eventually someone will. What remains to be seen is how much work the 
carriers are willing to put into fixing the issue before that happens.

Exploiting a couple of thousand routers and dropping the user 
credentials would take about 5 minutes to automate and a couple of hours 
to run. I'm sure there's some CYBER JOURNOS at CYBER FAIRFAX that would 
run that CYBER HACKING CYBER STORY.... CYBER!

> I would prefer more someone call me and say 'Hey, i found this on your
> network, you should fix', but where's the lulz in that?
>

A colleague just dropped this post on "You need to fix" vs "LULZ!" that 
talks about his decision-making process...

http://www.troyhunt.com/2013/05/the-responsibility-of-public-disclosure.html
Regards,
Tim "CYBER" March
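Added example, not part of the thread: a small model of the carrier-side default-deny filter Tim describes (known-bad inbound ports such as TCP/22 and TCP/23 blocked towards every subscriber, with a per-subscriber opt-out from a web UI). The subscriber records, port list beyond 22/23 and ACL syntax are all constructed here and are not taken from Internode or anyone else's deployment.

```python
"""Model of a carrier default-deny ingress filter with per-subscriber opt-out.

Everything below is constructed for illustration: the block list, the
subscriber prefixes and the ACL pseudo-syntax are assumptions, not a real
carrier's configuration.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Iterable, List, Optional, Set

# Ports blocked towards every subscriber unless they opt out. The post names
# 22 and 23; this is the whole list in the example.
DEFAULT_BLOCKED_PORTS = frozenset({22, 23})


@dataclass
class Subscriber:
    """One CPE allocation plus the ports the customer unblocked in the web UI."""
    prefix: IPv4Network
    unblocked: Set[int] = field(default_factory=set)


def unblock_port(sub: Subscriber, port: int) -> None:
    """Web-UI action: opt a port out of the default block for this subscriber."""
    if port not in DEFAULT_BLOCKED_PORTS:
        raise ValueError(f"port {port} is not on the default block list")
    sub.unblocked.add(port)


def find_subscriber(dst: IPv4Address, subs: Iterable[Subscriber]) -> Optional[Subscriber]:
    """Map a destination address to the subscriber prefix containing it."""
    return next((s for s in subs if dst in s.prefix), None)


def ingress_allowed(dst: IPv4Address, dst_port: int, subs: Iterable[Subscriber]) -> bool:
    """Decide whether a new inbound TCP connection towards a CPE should pass.

    Traffic to addresses outside any subscriber prefix is not this filter's
    business and passes; blocked ports pass only if the subscriber opted out.
    """
    sub = find_subscriber(dst, subs)
    if sub is None:
        return True
    return dst_port not in DEFAULT_BLOCKED_PORTS or dst_port in sub.unblocked


def render_acl(subs: Iterable[Subscriber]) -> List[str]:
    """Emit the deny-list ACL (constructed syntax) for every subscriber prefix."""
    lines = []
    for sub in subs:
        for port in sorted(DEFAULT_BLOCKED_PORTS - sub.unblocked):
            lines.append(f"deny tcp any {sub.prefix} eq {port}")
    lines.append("permit ip any any")
    return lines
```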