On Sat, Oct 22, 2016 at 1:47 PM, Jean-Francois Mezei <jfmezei_na...@vaxination.ca> wrote:
> Generic question:
>
> The media seems to have concluded it was an "internet of things" that
> caused this DDoS.
>
> I have not seen any evidence of this. Has this been published by an
> authoritative source or is it just assumed?

Flashpoint[0], krebs[1], arstechnica[2]. I'm not sure what credible looks like unless they release a packet but this is probably consensus.

> Has the type of device involved been identified?

routers and cameras with shitty firmware [3]

> Is it more plausible that those devices were "hacked" in the OEM
> firmware and sold with the "virus" built-in ? That would explain the
> widespread attack.

The source code has been released. krebs [4], code [5]

> Also, in cases such as this one, while the target has managed to
> mitigate the attack, how long would such an attack typically continue
> and require blocking ?

This is an actual question that hasn't been answered.

> Since the attack seemed focused on eastern USA DNS servers, would it be
> fair to assume that the attacks came mostly from the same region (aka:
> devices installed in eastern USA) ? (since anycast would point them to
> that).

Aren't heat maps just population graphs?

> BTW, normally, if you change the "web" password on a "device", it would
> also change telnet/SSH/ftp passwords.

Seems like no one is doing either.

[0] https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns-ddos-attacks/
[1] https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
[2] http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/
[3] https://blog.sucuri.net/2016/09/iot-home-router-botnet-leveraged-in-large-ddos-attack.html
[4] https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
[5] https://github.com/jgamblin/Mirai-Source-Code

--
Pete Baldridge
206.992.2852