On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth <j...@baylink.com> wrote:
http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/ Is there any valid reason not to black hole those /32s on the back bone?
The telltale sign a router has been compromised is DNS settings that have been changed to 5.45.75.11 and 5.45.76.36. Team Cymru researchers contacted the provider that hosts those two IP addresses but have yet to receive a response.
you wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22", aren't you?
Cheers
