On 2016-10-27 23:24, Ronald F. Guilmette wrote:
I put forward what I think is a reasonbly modest scheme to try to get
IoT things to place hard limits on their "unsolicited" packet output at
the kernel level, and I'm going to go off now and try to find and then
engage some Linux embedded kernel people and see what they think. Maybe
the whole thing is a dumb idea and not worth persuing, but I'm not con-
vinced of that yet. So I'll go off, investigate in some more appropriate
forum, and report back here if/when I have anything useful to say.
Hacking embedded kernels to make them fault-tolerant, even in the event
of attackers getting a root shell prompt, isn't going to save the world
from DDoS attacks, but it may be one small part of the solution.
Regards,
rfg
This doesn't make sense to me. When the device is compromised, the
default software with the restrictions will just be reconfigured or
replaced. This process is similar to installing DD-WRT, or even a
simple update from the vendor, for example. Botnets download and
install the software they require and often they close the original
infection vector to prevent another botnet from reinfecting. Check out
the Mirai source code that was posted.
-Laszlo
