[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Joseph Goldman joe at apcs.com.au
Fri May 31 10:20:09 EST 2013


On the tail of this discussion, it seems members of the Google team are 
advocating a particular stance on this issue:

https://threatpost.com/google-advocates-7-day-deadline-to-publicize-critical-vulnerabilities/

On 29/05/13 17:14, Tim March wrote:
>
> On 29/05/13 4:31 PM, Joseph Goldman wrote:
>> I wouldn't say they were 'advocating' the technique, merely pointing out
>> it is the lesser of 2 evils. I'd much rather go through the hassle of
>> reconfiguring users routers than dealing with the fallout of customer
>> financial details being leaked from my system.
>>
>
> The least of all evils is that the carriers block ingress TCP:22/23 
> unless otherwise specified while they work with the user base to clean 
> things up. Internode do something along these lines where by default a 
> bunch of known-bad ports are blocked and users can unblock them via 
> web UI where required.
>
> I'm certainly not ADVOCATING malicious action... other than to say 
> that, as we've discussed, it would be p!ss easy to execute en masse 
> and that eventually someone will. What remains to be seen is how much 
> work the carriers are willing to put in to fixing the issue before 
> that happens.
>
> Exploiting a couple of thousand routers and dropping the user 
> credentials would take about 5 minutes to automate and a couple of 
> hours to run. I'm sure there's some CYBER JOURNOS at CYBER FAIRFAX 
> that would run that CYBER HACKING CYBER STORY.... CYBER!
>
>> I would prefer more someone call me and say 'Hey, i found this on your
>> network, you should fix', but where's the lulz in that?
>>
>
> A colleague just dropped this post on "You need to fix" vs "LULZ!" 
> that talks about his decision making process...
>
> http://www.troyhunt.com/2013/05/the-responsibility-of-public-disclosure.html 
>
> Regards,
> Tim "CYBER" March
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
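Added example, not part of the thread and not Internode's or any carrier's actual configuration: a small Python model of the ingress policy Tim describes above (TCP 22/23 closed by default toward customer address space, with a per-customer opt-out the user sets via a web UI). The customer prefixes, the opt-out set and the sample flows are constructed assumptions; a production deployment would express the same logic as stateful firewall rules at the carrier edge.

```python
"""Model of a carrier-side ingress filter: known-bad ports (TCP 22 and 23
here) are blocked by default on Internet -> customer traffic, and a customer
can opt out of the block via the carrier's portal.

Constructed example. The prefixes, port list, opt-out set and flows below are
assumptions for illustration, not any carrier's real configuration.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: the carrier's customer (CPE) address space.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Ports closed by default for new inbound TCP connections to customers.
DEFAULT_BLOCKED_TCP_PORTS = frozenset({22, 23})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    syn: bool = True    # True for a new inbound connection attempt


def is_customer(addr: str) -> bool:
    """True if addr falls inside the carrier's customer address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CUSTOMER_PREFIXES)


def ingress_verdict(flow: Flow, opted_out: frozenset) -> str:
    """Return 'block' or 'allow' for a packet arriving from the Internet side.

    opted_out is the set of customer addresses that have unblocked the ports
    through the web UI (assumed here to be populated by the carrier's portal).
    Only new TCP connection attempts are policed; a stateful edge lets replies
    to customer-initiated sessions through regardless of port.
    """
    if flow.proto != "tcp" or not flow.syn:
        return "allow"
    if flow.dport not in DEFAULT_BLOCKED_TCP_PORTS:
        return "allow"
    if not is_customer(flow.dst):
        return "allow"      # transit / non-customer destination: not policed here
    if flow.dst in opted_out:
        return "allow"      # customer explicitly unblocked the port
    return "block"


def run_sample(opted_out=frozenset({"203.0.113.77"})):
    """Evaluate a constructed set of flows and return the verdicts in order."""
    flows = [
        Flow("192.0.2.10", "203.0.113.5", "tcp", 23),             # scanner -> CPE telnet
        Flow("192.0.2.10", "203.0.113.5", "tcp", 22),             # scanner -> CPE ssh
        Flow("192.0.2.10", "203.0.113.77", "tcp", 22),            # customer who opted out
        Flow("192.0.2.10", "203.0.113.5", "tcp", 443),            # port not on the list
        Flow("192.0.2.10", "203.0.113.5", "udp", 23),             # list is TCP only
        Flow("192.0.2.10", "203.0.113.5", "tcp", 22, syn=False),  # reply in an existing session
        Flow("192.0.2.10", "192.0.2.20", "tcp", 22),              # not customer space
    ]
    return [ingress_verdict(f, opted_out) for f in flows]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The two branches a practitioner most often gets wrong are covered by the sample flows: the block applies only to new connections toward customer space (so it does not touch transit traffic or replies to sessions the customer opened), and the opt-out is per destination address, so unblocking one customer does not reopen the port for the rest.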