On 10/23/2016 4:19 PM, Ronald F. Guilmette wrote:
... I've recorded
about 2.4 million IP addresses involved in the last two months (a number
that is higher than the number of actual devices, since most seem to
have dynamic IP addresses). The ISPs behind those IP addresses have
received
Aaron C. de Bruyn via NANOG :
> On Sun, Oct 23, 2016 at 12:41 PM, wrote:
> >
> > Assuming these manufacturers who are culpable carry product liability
> > insurance go to their insurance companies and explain the situation.
>
> Cheaper solution: Start a
A bit tidbits of information from:
> http://www.networkworld.com/article/3134035/chinese-firm-admits-its-hacked-products-were-behind-fridays-massive-ddos-attack.html
Chinese firm admits its hacked products were behind Friday's massive
DDOS attack
Hangzhou Xiongmai Technology, a vendor behind
On Sun, Oct 23, 2016 at 12:41 PM, wrote:
>
> Assuming these manufacturers who are culpable carry product liability
> insurance go to their insurance companies and explain the situation.
Cheaper solution: Start a company, build crappy firmware, carry
product liability
On 10/23/2016 21:02, David Conrad wrote:
Shut down subnets of your own customers?
That was the problem I broke my pick on 20 years or more ago.
ISPs absolute refusal to put in filters at no-revenue-expense since it
would cost money to install and maintain, and worst of all MIGHT
On 10/23/2016 07:02 PM, David Conrad wrote:
> On October 23, 2016 at 6:52:05 PM, Stephen Satchell (l...@satchell.net) wrote:
> So, bottom line, nothing is going to happen until the cost to those
> negligent provides rises so high as to affect profits. Period.
> Yep. Or government intervention.
On October 23, 2016 at 6:52:05 PM, Stephen Satchell (l...@satchell.net) wrote:
So, bottom line, nothing is going to happen until the cost to those
negligent provides rises so high as to affect profits. Period.
Yep. Or government intervention.
Larger eyeball operators could help, by shutting
On 10/23/2016 04:19 PM, Ronald F. Guilmette wrote:
> I guess that's just an example of what somebody else already noted here,
> i.e. that providers don't care to spend the time and/or effort and/or
> money necessary to actually -do- anything about compromised boxes, and
> anyway, they don't want
I've heard this crap for 20+ years now. "attack traffic" is unplanned
traffic. Build networks to support "random" bursts of garbage is much more
expensive then you will ever get to bill for. You clearly have no
understanding of the economics of networks.
On Sun, Oct 23, 2016 at 10:39 PM, Keith
A support call to an end-user serving ISP takes how long to ROI? That wouldn't
make sense.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Keith Medcalf"
To:
Why would the provider want to do anything? They suuport (make money from)
their cudtomers. And the more traffic the send/receive, the more money the
providers make.
Wouldn't surprise me if the providers were selling access to their customers
networks to the botherders so they could make
On October 23, 2016 at 17:14 hanni...@gmail.com (Martin Hannigan) wrote:
> >
>
>On Oct 23, 2016, at 16:26, b...@theworld.com wrote:
>
>
>
>I'm not sure who you mean when you say "people". My reference was to
>manufacturers of IoT devices only.
>
>
>The users are not going to be able
In message <874m43qsk2@mid.deneb.enyo.de>,
Florian Weimer wrote:
>Not that the underlying threat will go away until we find a way to
>clean up almost all of the compromised devices (and without breaking
>the Internet along the way, forever).
The Internet *is* already
In message <26b01962-9b09-11cb-0ac8-89cf3e0a5...@nuclearfallout.net>,
John Weekes wrote:
>... I've recorded
>about 2.4 million IP addresses involved in the last two months (a number
>that is higher than the number of actual devices, since most seem to
>have dynamic
In message <580bf91d.9060...@vaxination.ca>,
Jean-Francois Mezei wrote:
>Problem is that many of these gadgets want to be internet connected so
>mother at work can check on her kids at home...
Ah, technology! Just think what certain people could have accomplished
In message
In message <580bf49c.5090...@vaxination.ca>,
Jean-Francois Mezei wrote:
>10s of millons of IP addresses. Is it realistic to have 10s of millions
>of infected devices ? Or is that the dense smoke that points to IP
>spoofing ?
I haven't read the latest
In message
On 2016-10-23 15:46, jim deleskie wrote:
> Sure lets sue people because they put too many/bad packets/packets I don't
> like on the internet. Do you think this will really solve the porblem? Do
> you think we'll not just all end up with internet prices like US medical
> care prices?
If this
> On Oct 23, 2016, at 16:26, b...@theworld.com wrote:
>
>
> I'm not sure who you mean when you say "people". My reference was to
> manufacturers of IoT devices only.
The users are not going to be able to help. You're right, it's all about the
manufacturers. If you can remove or reduce
I'm not sure who you mean when you say "people". My reference was to
manufacturers of IoT devices only.
But as I said in the note which you quoted lawsuits might be helpful
but aren't necessary.
One just has to get underwriters of the manufacturers' product
liability insurance to acknowledge
Sure lets sue people because they put too many/bad packets/packets I don't
like on the internet. Do you think this will really solve the porblem? Do
you think we'll not just all end up with internet prices like US medical
care prices?
On Sun, Oct 23, 2016 at 4:41 PM, wrote:
>So once identified, how do you suggest this gets fixed?
Assuming these manufacturers who are culpable carry product liability
insurance go to their insurance companies and explain the situation.
Better would be someone launching a product liability lawsuit against
one of them but it's not
I think you make a very good point with the TRS80 etc comment, at
least implicitly: it's not just the vulnerable IoT devices, some sort
of infrastructure is needed to get the attack going at the volume
we've seen.
And perhaps therein lies an answer.
On October 22, 2016 at 16:47
Clinton,
On 10/23/2016 8:12 AM, clinton mielke wrote:
My question for you guys, since Im a theoretician and not a seasoned
operator: how feasible or legal is it to find telnet scanning activity or
any of these passwords in high-bandwidth netflows? If its feasible, then
this at least gets you
Clinton,
This is excellent information. While it's not possible to see passwords in
netflows (only headers are included, not packet contents), it's a sure thing
that attacked victims could extract a list of infected machines from the IP
address scan and then run verification scans against just
A number of people are asking for advice on how to detect this bug. Here
are some thoughts. Im a mathematician, and not a network operator, so would
love feedback.
The source code of Mirai is here, and Ive had some fun taking it apart over
the last week:
* Randy Bush:
>> What does BCP38 have to do with this?
>
> nothing technical, as these iot attacks are not spoofed.
How do you know? Has anyone disclosed specifics?
I can understand that keeping details under wraps is sometimes
required for operational security, but if the attacks are clearly
* Keith Medcalf:
> On: Saturday, 22 October, 2016 17:41, Jean-Francois Mezei
> wrote:
>
>> On 2016-10-22 19:03, Keith Medcalf wrote:
>
>> > This does not follow and is not a natural consequence of sealing the
>> little buggers up so that they cannot affect the
* David Conrad:
> Maybe (not sure) one way would be to examine your resolver query logs
> to look for queries for names that fit domain generation algorithm
> patterns, then tracking down the customers/devices that are issuing
> those queries and politely suggest they remove the malware on their
>From Dyn's statement,
http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html
we have
"After restoring service, Dyn experienced a second wave of attacks
just before noon ET. This second wave was more global in nature
(i.e. not limited to our East Coast
31 matches
Mail list logo