[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)
Tim March
march.tim at gmail.com
Wed May 29 17:14:04 EST 2013

On 29/05/13 4:31 PM, Joseph Goldman wrote:
> I wouldn't say they were 'advocating' the technique, merely pointing out
> it is the lesser of 2 evils. I'd much rather go through the hassle of
> reconfiguring users' routers than dealing with the fallout of customer
> financial details being leaked from my system.
>
The least of all evils is that the carriers block ingress TCP:22/23
unless otherwise specified while they work with the user base to clean
things up. Internode do something along these lines where by default a
bunch of known-bad ports are blocked and users can unblock them via web
UI where required.

I'm certainly not ADVOCATING malicious action... other than to say that,
as we've discussed, it would be p!ss easy to execute en masse and that
eventually someone will. What remains to be seen is how much work the
carriers are willing to put in to fixing the issue before that happens.
Exploiting a couple of thousand routers and dropping the user
credentials would take about 5 minutes to automate and a couple of hours
to run. I'm sure there's some CYBER JOURNOS at CYBER FAIRFAX that would
run that CYBER HACKING CYBER STORY.... CYBER!
> I would prefer more someone call me and say 'Hey, I found this on your
> network, you should fix', but where's the lulz in that?
>
A colleague just dropped this post on "You need to fix" vs "LULZ!" that
talks about his decision making process...
http://www.troyhunt.com/2013/05/the-responsibility-of-public-disclosure.html

Regards,
Tim "CYBER" March