[AusNOG] The shape of DDoS to come

James Hodgkinson yaleman at ricetek.net
Thu Oct 27 14:25:48 EST 2016


The real problems are the cheap ones bought on ebay/aliexpress in volume
- they've got powerful(ish) commodity CPUs and tend to be put in places
where they've got more access than they need.

James


On Thu, 27 Oct 2016, at 13:18, James Morgan wrote:
> Without wanting to put the tinfoil hat on too tight, is there not
> perhaps some sort of consideration that many of these same companies
> make a lucrative living in selling us security related hardware and
> services?
>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of* Jim Woodward
>> *Sent:* Thursday, 27 October 2016 12:53 PM
>> *To:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] The shape of DDoS to come
>>
>> Given the CPU power of modern routers the issue is that they now have
>> resources well in excess of any WAN link to fill said link with
>> traffic and not even break a sweat, security is definitely an area
>> that needs to be considered closely.
>>
>> I am a believer that subscription services from vendors should exist
>> (e.g. Cisco) but major security updates should be free for the
>> lifetime of the device. Having worked in the industry for a long time
>> I can attest to the fact that having a support contract doesn't mean
>> devices are kept to a regular update schedule, in fact I have
>> replaced failed units under contract in the field that are covered by
>> a SMARTNET and been told to install an IOS many years old because
>> that's what the original device had, not something I would do if it
>> was a device within my control.
>>
>> I think an open model for security patches does need to be considered
>> for the greater good.
>>
>> Kind Regards,
>> Jim.
>>
>> On 27/10/2016 12:15 PM, Peter Tiggerdine wrote:
>>> Reading both articles seems to give a lot of "creative license" to
>>> the term IoT. This is the problem with journos today, facts from
>>> credible and verifiable sources seem to be not a requirement
>>> anymore. At least Ars mentioned it in the article, but it begs the
>>> question why print it?
>>>
>>> DVR and IP cameras aren't IoT. We've had both of those long before
>>> the term IoT existed.
>>>
>>> Unpatched home routers are likely to make up the bulk of the
>>> traffic
>>>
>>> Regards,
>>>
>>> Peter Tiggerdine
>>>
>>> GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>>>
>>> On Thu, Oct 27, 2016 at 10:45 AM, Nick Stallman
>>> <nick at agentpoint.com> wrote:
>>>> Yes there is.
>>>> There are a few keywords to focus on however.
>>>>
>>>> Like 'part'. Technically if just a single IoT device was part of
>>>> the attack then the media will say it was an IoT attack.
>>>>
>>>> And 'device'. If you start calling security DVRs IoT devices
>>>> (arguably they aren't, they are a server) then yep a few thousand
>>>> of them took part.
>>>>
>>>> I could be wrong but my impression was the bulk was traditional
>>>> DDoS and not mostly IoT.
>>>>
>>>> On 27/10/16 11:17, Peter Tiggerdine wrote:
>>>>> Is there any evidence to suggest that IoT devices played a part in
>>>>> this DDoS? My understanding is we're still dealing with the same
>>>>> problem as ever; unpatched/secured desktops/routers/switches which,
>>>>> when you consider how accessible large amounts of bandwidth are,
>>>>> explain the increase in DDoS size.
>>>>>
>>>>> Most IoT devices don't have enough CPU power to contribute more than
>>>>> 1K sustained. Doesn't mean there's not a lot to be done in the
>>>>> security space with IoT, just means there's better targets with
>>>>> greater return.
>>>>>
>>>>>  Regards,
>>>>>
>>>>>  Peter Tiggerdine
>>>>>
>>>>>  GPG Fingerprint: 2A3F EA19 F6C2 93C1 411D 5AB2 D5A8 E8A8 0E74 6127
>>>>>
>>>>>  On Thu, Oct 27, 2016 at 9:54 AM, mike at thebibers.com
>>>>>  <mbiber at ipv6forum.com.au> wrote:
>>>>>
>>>>>      IPv6 with mandatory IPsec Authentication through filtering
>>>>>      engines?
>>>>>
>>>>>      Michael Biber
>>>>>      IPv6Now
>>>>>      6now.net
>>>>>      0412058808
>>>>>
>>>>>
>>>>>      On 27 Oct 2016 10:03 AM, "Paul Wilkins"
>>>>>      <paulwilkins369 at gmail.com> wrote:
>>>>>
>>>>>          After Mirai's 1.2Tbps, which is pretty much unmitigateable,
>>>>>          perhaps time for the industry to realise that IoT means we've
>>>>>          arrived at a new age of DDoS. If this is the shape of things
>>>>>          to come, where do we go from here?
>>>>>
>>>>>          Kind regards
>>>>>
>>>>>          Paul Wilkins
>>>>>
>>>>>          _______________________________________________
>>>>>          AusNOG mailing list
>>>>>          AusNOG at lists.ausnog.net
>>>>>          http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>>>
>>>>
>>>> --
>>>> Nick Stallman Technical Director Agentpoint Pty Ltd The Real Estate
>>>> Web Developers Melbourne | Sydney | Miami nick at agentpoint.com
>>>> www.agentpoint.com.au | www.zooproperty.com |  www.ginga.com.au |
>>>> www.business2.com.au
>>>>
>>>> Business2.com.au is a real estate agent information website that
>>>> helps you understand Portals, Technology and comes with FREE tools
>>>> to help your Agency become an online success!
>>>>