<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div>The real problems are the cheap ones bought on ebay/aliexpress in volume - they've got powerful(ish) commodity CPUs and tend to be put in places where they've got more access than they need.<br></div>
<div><br></div>
<div>James</div>
<div><br></div>
<div><br></div>
<div>On Thu, 27 Oct 2016, at 13:18, James Morgan wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div>Without wanting to put the tinfoil hat on too tight, is there not perhaps some sort of consideration that many of these same companies make a lucrative living in selling us security related hardware and services?<br></div>
<div><br></div>
<div><div defang_data-gmailquote="yes"><blockquote style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204, 204, 204);padding-left:1ex;" defang_data-gmailquote="yes"><div lang="EN-AU" bgcolor="white"><div><p><span class="colour" style="color:windowtext"><span class="font" style="font-family:Calibri, sans-serif"><span class="size" style="font-size:11pt"> <u></u></span></span></span><br></p><div><div style="border-right-width:initial;border-bottom-width:initial;border-left-width:initial;border-right-style:none;border-bottom-style:none;border-left-style:none;border-right-color:initial;border-bottom-color:initial;border-left-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-top-width:1pt;border-top-style:solid;border-top-color:rgb(225, 225, 225);padding-top:3pt;padding-right:0cm;padding-bottom:0cm;padding-left:0cm;"><p><b><span class="colour" style="color:windowtext"><span class="font" style="font-family:Calibri, sans-serif"><span class="size" style="font-size:11pt">From:</span></span></span></b><span class="colour" style="color:windowtext"><span class="font" style="font-family:Calibri, sans-serif"><span class="size" style="font-size:11pt"> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.<wbr>ausnog.net</a>] <b>On Behalf Of </b>Jim Woodward<br> <b>Sent:</b> Thursday, 27 October 2016 12:53 PM<br> <b>To:</b> <a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a><br> <b>Subject:</b> Re: [AusNOG] The shape of DDoS to come<u></u><u></u></span></span></span></p></div>
</div>
<p><u></u> <u></u><br></p><p><u></u> <u></u><br></p><p>Given the CPU power of modern routers the issue is that they now have resources well in excess of any WAN link to fill said link with traffic and not even break a sweat, security is definitely an area that needs to be consider closely.<u></u><u></u><br></p><p>I am a believer that subscription services from vendors should exist (e.g. Cisco) but major security updates should be free for the lifetime of the device, Having worked in the industry for a long time I can attest to the fact that having a support contract
doesn't mean devices are kept to a regular update schedule, in fact I have replaced failed units under contract in the field that are covered by a SMARTNET and been told to install an IOS many years old because that's what the original device had, not something
I would do if it was a device within my control.<u></u><u></u><br></p><p>I think an open model for security patches does need to be considered for the greater good.<u></u><u></u><br></p><p>Kind Regards,<u></u><u></u><br></p><p>Jim.<u></u><u></u><br></p><p><u></u> <u></u><br></p><p><u></u> <u></u><br></p><div><p>On 27/10/2016 12:15 PM, Peter Tiggerdine wrote:<u></u><u></u><br></p></div>
<blockquote style="margin-top:5pt;margin-bottom:5pt;"><div><p>Reading both articles seems to give a lot of "creative license" to the term IoT. This is the problem with journo's today, facts from credible and verifiable sources seems to be not a requirement anymore. At least Ars mentioned it in the
article, but it begs the question why print it? <u></u><u></u><br></p><div><p><u></u> <u></u><br></p></div>
<div><p>DVR and IP cameras aren't IoT. We've had both of those long before the term IoT existed. <u></u><u></u><br></p></div>
<div><p><u></u> <u></u><br></p></div>
<div><p>Unpatched home routers are likely to make up the bulk of the traffic <u></u><u></u><br></p></div>
</div>
<div><p><u></u><u></u><br></p><div><div><div><div><div><p>Regards, <u></u><u></u><br></p><div><p><u></u> <u></u><br></p></div>
<div><p>Peter Tiggerdine<u></u><u></u><br></p></div>
<div><p><u></u> <u></u><br></p></div>
<div><p>GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127<u></u><u></u><br></p></div>
</div>
</div>
</div>
</div>
</div>
<p><u></u> <u></u><br></p><div><p>On Thu, Oct 27, 2016 at 10:45 AM, Nick Stallman <<a href="mailto:nick@agentpoint.com">nick@agentpoint.com</a>> wrote:<u></u><u></u><br></p><blockquote style="border-top-width:initial;border-right-width:initial;border-bottom-width:initial;border-top-style:none;border-right-style:none;border-bottom-style:none;border-top-color:initial;border-right-color:initial;border-bottom-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-left-width:1pt;border-left-style:solid;border-left-color:rgb(204, 204, 204);padding-top:0cm;padding-right:0cm;padding-bottom:0cm;padding-left:6pt;margin-left:4.8pt;margin-right:0cm;"><p><div>Yes there is.<br></div>
<div> There are a few keywords to focus on however.<br></div>
<div> <br></div>
<div> Like 'part'. Technically if just a single IoT device was part of the attack then the media will say it was a IoT attack.<br></div>
<div> <br></div>
<div> And 'device'. If you start calling security DVR's IoT devices (arguably they aren't, they are a server) then yep a few thousand of them took part.<br></div>
<div> <br></div>
<div> I could be wrong but my impression was the bulk was traditional DDoS and not mostly IoT.<br></div>
<div> <br></div>
<div> On 27/10/16 11:17, Peter Tiggerdine wrote:<u></u><u></u><br></div>
</p><blockquote style="border-top-width:initial;border-right-width:initial;border-bottom-width:initial;border-top-style:none;border-right-style:none;border-bottom-style:none;border-top-color:initial;border-right-color:initial;border-bottom-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-left-width:1pt;border-left-style:solid;border-left-color:rgb(204, 204, 204);padding-top:0cm;padding-right:0cm;padding-bottom:0cm;padding-left:6pt;margin-left:4.8pt;margin-right:0cm;"><p><div>Is there any evidence to suggest that IoT devices played a part on this DDoS? My understanding is we're still dealing with the same problem as ever; unpatched/secured desktops/routers/switches which when you consider how accessible large
amounts of bandwidth is explain the increase in DDoS size.<br></div>
<div> <br></div>
<div> Most IoT devices don't enough CPU power to contribute more than 1K sustained. Doesn't mean there's not alot to be done in the security space with IoT, just means there's better targets with greater return.<br></div>
<div> <br></div>
<div> Regards,<br></div>
<div> <br></div>
<div> Peter Tiggerdine<br></div>
<div> <br></div>
<div> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127<br></div>
<div> <br></div>
<div> On Thu, Oct 27, 2016 at 9:54 AM, <a href="mailto:mike@thebibers.com"> mike@thebibers.com</a> <mailto:<a href="mailto:mike@thebibers.com">mike@thebibers.com</a>> <<a href="mailto:mbiber@ipv6forum.com.au">mbiber@ipv6forum.com.au</a> <mailto:<a href="mailto:mbiber@ipv6forum.com.au">mbiber@ipv6forum.com.<wbr>au</a>>>
wrote:<br></div>
<div> <br></div>
<div> IPv6 with mandatory IPsec Authentication through filtering engines?<br></div>
<div> <br></div>
<div> Michael Biber<br></div>
<div> IPv6Now<br></div>
<div> <a href="http://6now.net">6now.net</a> <<a href="http://6now.net">http://6now.net</a>><br></div>
<div> <a href="tel:0412058808">0412058808</a> <tel:<a href="tel:0412058808">0412058808</a>><br></div>
<div> <br></div>
<div> <br></div>
<div> On 27 Oct 2016 10:03 AM, "Paul Wilkins" <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a><br></div>
<div> <mailto:<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.<wbr>com</a>>> wrote:<br></div>
<div> <br></div>
<div> After Mirai's 1.2Tbps, which is pretty much unmitigateable,<br></div>
<div> perhaps time for the industry to realise that IoT means we've<br></div>
<div> arrived at a new age of DDoS. If this is the shape of things<br></div>
<div> to come, where do we go from here?<br></div>
<div> <br></div>
<div> Kind regards<br></div>
<div> <br></div>
<div> Paul Wilkins<br></div>
<div> <br></div>
<div> ______________________________<wbr>_________________<br></div>
<div> AusNOG mailing list<br></div>
<div> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.<wbr>net</a>><br></div>
<div> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog"> http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br></div>
<div> <<a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a>><br></div>
<div> <br></div>
<div> <br></div>
<div> ______________________________<wbr>_________________<br></div>
<div> AusNOG mailing list<br></div>
<div> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.<wbr>net</a>><br></div>
<div> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br></div>
<div> <<a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a>><br></div>
<div> <br></div>
<div> <br></div>
<div> <br></div>
<div> <br></div>
<div> ______________________________<wbr>_________________<br></div>
<div> AusNOG mailing list<br></div>
<div> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br></div>
<div> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><u></u><u></u><br></div>
</p></blockquote><p><span class="colour" style="color:rgb(136, 136, 136)"><br><span>-- </span><br> <span>Nick Stallman</span><br> <span>Technical Director</span><br> <span>Agentpoint Pty Ltd</span><br> <span>The Real Estate Web Developers</span><br> <span>Melbourne | Sydney | Miami</span><br> <span><a href="mailto:nick@agentpoint.com">nick@agentpoint.com</a></span><br> <span><a href="http://www.agentpoint.com.au">www.agentpoint.com.au</a> | <a href="http://www.zooproperty.com">www.zooproperty.com</a> | <a href="http://www.ginga.com.au"> www.ginga.com.au</a> | <a href="http://www.business2.com.au">www.business2.com.au</a></span><br> <br> <span><a href="http://Business2.com.au">Business2.com.au</a> is a real estate agent information website that helps you understand Portals, Technology and comes with FREE tools to help your Agency become an online success!</span></span> <u></u><u></u></p><div><div><p><div><br></div>
<div>______________________________<wbr>_________________<br></div>
<div> AusNOG mailing list<br></div>
<div> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br></div>
<div> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><u></u><u></u><br></div>
</p></div>
</div>
</blockquote></div>
<p><u></u> <u></u><br></p></div>
<p><div><br></div>
<div><br></div>
<div><u></u><u></u><br></div>
</p><pre>______________________________<wbr>_________________<u></u><u></u><br></pre><pre>AusNOG mailing list<u></u><u></u><br></pre><pre><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><u></u><u></u><br></pre><pre><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><u></u><u></u><br></pre></blockquote><p><u></u> <u></u><br></p></div>
</div>
</blockquote></div>
</div>
</div>
<div><u>_______________________________________________</u><br></div>
<div>AusNOG mailing list<br></div>
<div><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br></div>
<div><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br></div>
</blockquote><div><br></div>
</body>
</html>