[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Heinz N ausnog at equisoft.com.au
Wed May 29 17:23:21 EST 2013


> The least of all evils is that the carriers block ingress TCP:22/23 unless 
> otherwise specified while they work with the user base to clean things up. 
> Internode do something along these lines where by default a bunch of 
> known-bad ports are blocked and users can unblock them via web UI where 
> required.

I would also block 80, 8080 & 443 .... it is shocking just how many 
devices have admin interfaces on the WAN. Not even mentioning the special 
packets that can game some devices. There are some devices with absolutely 
horrendous hardware sploits that cannot be blocked. I would want to know 
if I had one of those. It would go into the bin immediately.

H.


