Comments
Finally finished going through an attack log, anyone want to analyze it also? Message me, I'll send it.
Linode in Atlanta was also attacked by a DDoS tonight (again...)
https://status.linode.com/
Sales teams at Major network gear manufacturers are on Hookers and Coke tonight.
I think you mean on the phone to the Audi dealer
Actually getting providers to deploy and use BCP38 would be a good start, so far as I can see. I guess that depends on your definition of "good", though.
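To make the BCP38 point concrete, here is an added example (not code from the thread or from any provider mentioned in it) of the ingress check a provider applies at a customer port: a packet may only be forwarded if its source address lies in a prefix assigned to the interface it arrived on, and everything else is counted as spoofed. Interface names, prefixes and flow records are constructed sample data.

```python
# Added example: a minimal BCP38-style source-address ingress filter.
# Each customer-facing interface may only source traffic from the prefixes
# assigned to that customer; any other source is treated as spoofed.
import ipaddress
from collections import Counter

# Constructed sample: prefixes a provider has assigned per customer port.
ALLOWED_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("198.51.100.192/27")],
}

# Constructed sample flow records: (ingress interface, source IP, bytes).
SAMPLE_FLOWS = [
    ("cust-a", "203.0.113.7", 1200),
    ("cust-a", "192.0.2.44", 1500),     # not assigned to cust-a: spoofed
    ("cust-b", "198.51.100.200", 900),  # inside cust-b's second prefix
    ("cust-b", "198.51.100.250", 900),  # outside both cust-b prefixes
    ("cust-a", "203.0.113.250", 60),
]

def source_allowed(iface, src):
    """BCP38 check: the source must fall inside a prefix assigned to the
    interface it arrived on. Unknown interfaces and bad addresses fail closed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_PREFIXES.get(iface, []))

def filter_flows(flows):
    """Split flows into forwarded and dropped, and count drops per interface;
    a rising drop count on one port is the signal that it is emitting spoofed traffic."""
    forwarded, dropped = [], []
    drops_by_iface = Counter()
    for iface, src, nbytes in flows:
        if source_allowed(iface, src):
            forwarded.append((iface, src, nbytes))
        else:
            dropped.append((iface, src, nbytes))
            drops_by_iface[iface] += 1
    return forwarded, dropped, drops_by_iface

if __name__ == "__main__":
    fwd, drp, per_iface = filter_flows(SAMPLE_FLOWS)
    print(f"forwarded={len(fwd)} dropped={len(drp)} per-interface={dict(per_iface)}")
```

Note that this filter stops a customer from emitting spoofed packets; it does nothing against the non-spoofed flood the next comment describes, which is why BCP38 is "a good start" rather than a fix.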
Well, Cuba got pretty near and VE kept it up pretty long.
Not here, this is non spoofed traffic in large amounts.
Dallas also. But luckily, our servers are still up.
Given that prerequisites for socialism include capitalism, surplus and industrialisation I would say not
So basically 140k+ CCTV devices compromised due to stupid default settings. Each able to push a total DDoS of 1.4TB. Then Krebs mentioning he could scan the entire IPv4 range within 30 minutes, so basically these DDoSers scanned the whole range for specific bad default settings on CCTV and are now using it as a DDoS botnet. Sounds pretty easy to me, no wonder attacks are so large nowadays.
It is pretty easy, though you also have to be that way inclined. I suppose the clever bit is being beyond reproach.
Surprised we don't see more attacks of this size more often then
You are? As described here, there's a lot of devices that can be owned quite easily, port scanning to find them and identify them is something you could learn about in a day.
Intent is the hard part. Me being a relatively boring middle of the road guy, I've no inclination to go DDOSing people. I don't think there can be 'lots' of these kinds of attacks because a) You'd be a very naughty boy to do it and you'd end up in jail which should deter you (why do it anyway) or b) You're organised crime or a state actor and laws are subject to your own interpretation.
Plenty here know way more than me about how networking 'works', though it gets 'real world' when they're attacks of this size.
Some users reported packet loss at OVH GRA, well.
Port scanning and bruting credentials is the easy part. I presume the more difficult part would be to actually infect devices part of the internet of shit, as there are no standards, and what works on one device may not work on another.
There are plenty of miscreants in the world, some dumb, but some exceptionally smart. I would say that given the size of the attack, and that even Akamai's staff were surprised ("Someone has a botnet with capabilities we've never seen before", McCleary or something), this is something very troubling.
It's easy to trivialize these kinds of things when you're sitting in a chair far removed from what's actually going on, but don't detract from the gravity of the situation. These are some seriously bad people
Typically, the ones who go around trying to trivialize these things are the ones who don't have the technical know-how trying to accomplish it, but know just a little to try to pull themselves up and make themselves look better than they really are. "Oh, it's so easy, anybody could do it". The rarity of the number of events proves that it's quite a task.
So let's say someone gets into my CCTV assuming I use the default credentials for remote viewing what could they do exactly right off the bat?
They would probably drop a payload that's a DDoS bot
If they're infecting the same device. Make an exploit for that device using credentials and upload the IRC bot.
aren't all of these IoT devices behind NAT? How are they accessing them?
They may be behind NAT, but they might also be port forwarded.
@jarland can you fix the spelling mistake in the title.. it's doing my head in.
Hi, I am the spelling corrector in charge today. Unfortunately, @jarland has his "Everclear Saturday" and cannot walk straight. However, your head should be safe now.
I ain't drunk, you're the drunk one. You can't just decide that I'm drunk. That decision is mine and God's. I didn't make that decision. That was not a decision that was made.
(Probably the only aqua teen fan around...)
Amen & Hallelujah! God cannot fail, so your condition is righteous and justified!
DING.
This, having web access to some random IoT dev is not helpful unless you have an actual way to exploit it to root/meaningful control - yea there are the really idiotic things with open ssh and static root pw (or MAC generated for cool L2 based attacks) but most are not.
Either you:
Have pure luck to accidentally discover a 0day that allows you this (eg. scanners and automatic exploit 'probe' kits) and enough knowledge to use it (conclusion: get busted for C&C at your own ISP)
Reverse one device and build a specific botnet out of it (eg. information from inside the manufacturer that they are generally insecure but nothing more exact, gossip etc.)
Get internal information or have it already (eg. contractor, larger scale customer, employee, direct supervising gov agency (see next) etc.)
Plan very much ahead (that is the conspiracy theory part) eg. create a shell/"real" company to sell these devices cheaply (maybe even at a loss) with an exploit (sounds familiar yet? Chinese one step ahead of the NSA, no need to intercept anything...)
Based on speculations alone what sounds more likely to me is that all these devices are using some kind of common server (reverse proxy) type portal. It's probably insecure (as they often are) and if hacked then it gives access to hundreds of devices it manages. That's how IoT is usually deployed, it is too much hassle for a network admin to forward hundreds of ports.
Freenode seems to be the latest target.
The massive netsplit is caused by DDoS?
Unable to connect to Freenode, checks out.
What else is new. lol