ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    IoT devices Used in DDoS Attacks

    Scheduled Pinned Locked Moved Water Closet
    iotsecurityinternet of thingsddosbbc
    49 Posts 12 Posters 7.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • coliverC
      coliver @Dashrender
      last edited by

      @Dashrender said in IoT devices Used in DDoS Attacks:

      @scottalanmiller said in IoT devices Used in DDoS Attacks:

      @coliver said in IoT devices Used in DDoS Attacks:

      @Dashrender said in IoT devices Used in DDoS Attacks:

      @scottalanmiller said in IoT devices Used in DDoS Attacks:

      Ah, the cacheing failed from there? But they could move to another provider in, like, five minutes. Faster than the TTL on the records. That's not a viable DDoS vector as you just move.

      Not if they buy their domain name from Dyn also.

      You can purchase domain names from whomever it doesn't stop you from doing DNS from a different vendor or internally.

      And it is insanely recommended that you never buy the domain from one and get DNS from the same one. Those two should never overlap. That's how you lose control of your systems.

      Personally, I had never heard that until I saw your postings on SW. So while I understand this to be true now, I'm not sure where new IT persons would learn about it short of reading a post somewhere online. I suppose it could have been taught at ITT 😜

      I hear University of Pheonix has you covered 😜

      1 Reply Last reply Reply Quote 1
      • DashrenderD
        Dashrender @coliver
        last edited by

        @coliver said in IoT devices Used in DDoS Attacks:

        @Dashrender said in IoT devices Used in DDoS Attacks:

        @coliver said in IoT devices Used in DDoS Attacks:

        @scottalanmiller said in IoT devices Used in DDoS Attacks:

        That's not a viable DDoS vector as you just move.

        I don't understand how this was such a big outage. DNS is designed to be resilient because of its simplicity. Why companies are still only using a single DNS provider is beyond me.

        I only use a single DNS provider. I use Cloudflare. I did buy my domain name from someone else though.. so moving it like scott said would be typically pretty fast if Cloudflare was under attack.

        IIRC, and I probably don't, but doesn't Cloudflare do distributed DNS on their own? So a DDoS attack against their DNS infrastructure would be ineffective.

        I don't follow. The SOA still has to be on the listed IPs. If all of the listed IPs are being attacked at once, you can't get away from it.

        In the case of Dyn, I would assume either A) all of the IPs are behind a singular pipe (horrible design) or there was only one.

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          My EMR vendor has now expanded to 3 DNS providers, and from what I can tell, at least one of them is based in Europe.

          1 Reply Last reply Reply Quote 1
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in IoT devices Used in DDoS Attacks:

            @scottalanmiller said in IoT devices Used in DDoS Attacks:

            @coliver said in IoT devices Used in DDoS Attacks:

            @Dashrender said in IoT devices Used in DDoS Attacks:

            @scottalanmiller said in IoT devices Used in DDoS Attacks:

            Ah, the cacheing failed from there? But they could move to another provider in, like, five minutes. Faster than the TTL on the records. That's not a viable DDoS vector as you just move.

            Not if they buy their domain name from Dyn also.

            You can purchase domain names from whomever it doesn't stop you from doing DNS from a different vendor or internally.

            And it is insanely recommended that you never buy the domain from one and get DNS from the same one. Those two should never overlap. That's how you lose control of your systems.

            Personally, I had never heard that until I saw your postings on SW. So while I understand this to be true now, I'm not sure where new IT persons would learn about it short of reading a post somewhere online. I suppose it could have been taught at ITT 😜

            It's not for you to have heard of. It's nothing to do with IT. It's a fundamental business concern. Any business manager should just know this. It's not a technical thing (well, it is... single point of failure, general risk) it's purely standard business knowledge. Really, it's just common sense. The whole system exists the way that it does to make sure you are never stuck with one company owning you.

            DashrenderD 1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said in IoT devices Used in DDoS Attacks:

              @Dashrender said in IoT devices Used in DDoS Attacks:

              @scottalanmiller said in IoT devices Used in DDoS Attacks:

              @coliver said in IoT devices Used in DDoS Attacks:

              @Dashrender said in IoT devices Used in DDoS Attacks:

              @scottalanmiller said in IoT devices Used in DDoS Attacks:

              Ah, the cacheing failed from there? But they could move to another provider in, like, five minutes. Faster than the TTL on the records. That's not a viable DDoS vector as you just move.

              Not if they buy their domain name from Dyn also.

              You can purchase domain names from whomever it doesn't stop you from doing DNS from a different vendor or internally.

              And it is insanely recommended that you never buy the domain from one and get DNS from the same one. Those two should never overlap. That's how you lose control of your systems.

              Personally, I had never heard that until I saw your postings on SW. So while I understand this to be true now, I'm not sure where new IT persons would learn about it short of reading a post somewhere online. I suppose it could have been taught at ITT 😜

              It's not for you to have heard of. It's nothing to do with IT. It's a fundamental business concern. Any business manager should just know this. It's not a technical thing (well, it is... single point of failure, general risk) it's purely standard business knowledge. Really, it's just common sense. The whole system exists the way that it does to make sure you are never stuck with one company owning you.

              LOL, well except that your registrar does if they decide not to place nice.. but hopefully they would be sued out of existence if that happened.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said in IoT devices Used in DDoS Attacks:

                @scottalanmiller said in IoT devices Used in DDoS Attacks:

                @Dashrender said in IoT devices Used in DDoS Attacks:

                @scottalanmiller said in IoT devices Used in DDoS Attacks:

                @coliver said in IoT devices Used in DDoS Attacks:

                @Dashrender said in IoT devices Used in DDoS Attacks:

                @scottalanmiller said in IoT devices Used in DDoS Attacks:

                Ah, the cacheing failed from there? But they could move to another provider in, like, five minutes. Faster than the TTL on the records. That's not a viable DDoS vector as you just move.

                Not if they buy their domain name from Dyn also.

                You can purchase domain names from whomever it doesn't stop you from doing DNS from a different vendor or internally.

                And it is insanely recommended that you never buy the domain from one and get DNS from the same one. Those two should never overlap. That's how you lose control of your systems.

                Personally, I had never heard that until I saw your postings on SW. So while I understand this to be true now, I'm not sure where new IT persons would learn about it short of reading a post somewhere online. I suppose it could have been taught at ITT 😜

                It's not for you to have heard of. It's nothing to do with IT. It's a fundamental business concern. Any business manager should just know this. It's not a technical thing (well, it is... single point of failure, general risk) it's purely standard business knowledge. Really, it's just common sense. The whole system exists the way that it does to make sure you are never stuck with one company owning you.

                LOL, well except that your registrar does if they decide not to place nice.. but hopefully they would be sued out of existence if that happened.

                They don't have that option. It's a requirement of the process.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @scottalanmiller
                  last edited by

                  @scottalanmiller said in IoT devices Used in DDoS Attacks:

                  @Dashrender said in IoT devices Used in DDoS Attacks:

                  @scottalanmiller said in IoT devices Used in DDoS Attacks:

                  @Dashrender said in IoT devices Used in DDoS Attacks:

                  @scottalanmiller said in IoT devices Used in DDoS Attacks:

                  @coliver said in IoT devices Used in DDoS Attacks:

                  @Dashrender said in IoT devices Used in DDoS Attacks:

                  @scottalanmiller said in IoT devices Used in DDoS Attacks:

                  Ah, the cacheing failed from there? But they could move to another provider in, like, five minutes. Faster than the TTL on the records. That's not a viable DDoS vector as you just move.

                  Not if they buy their domain name from Dyn also.

                  You can purchase domain names from whomever it doesn't stop you from doing DNS from a different vendor or internally.

                  And it is insanely recommended that you never buy the domain from one and get DNS from the same one. Those two should never overlap. That's how you lose control of your systems.

                  Personally, I had never heard that until I saw your postings on SW. So while I understand this to be true now, I'm not sure where new IT persons would learn about it short of reading a post somewhere online. I suppose it could have been taught at ITT 😜

                  It's not for you to have heard of. It's nothing to do with IT. It's a fundamental business concern. Any business manager should just know this. It's not a technical thing (well, it is... single point of failure, general risk) it's purely standard business knowledge. Really, it's just common sense. The whole system exists the way that it does to make sure you are never stuck with one company owning you.

                  LOL, well except that your registrar does if they decide not to place nice.. but hopefully they would be sued out of existence if that happened.

                  They don't have that option. It's a requirement of the process.

                  That's like a requirement of the process that Certificate authorities aren't suppose to mint certs for companies that people don't own.. but then you have horrible systems and these things happen anyhow šŸ˜›

                  1 Reply Last reply Reply Quote 1
                  • ObsolesceO
                    Obsolesce
                    last edited by Obsolesce

                    Where the complexity comes in, is that it's not just simply one IP address being matched to a single domain name.

                    If that were the case, there wouldn't have been any outages for these websites.

                    The problem is that there's thousands of IP addresses that are mapped to tens or hundreds of domain names for a single domain, for example, load balancing and other supporting services.

                    Visit facebook.com and record all network activity. It's not just facebook.com you see, there's x.facebook.com, xyz.facebook.com, etc... It's also not the same IP address for everyone. It get's very complex.

                    If the authoritative name server for a domain or several domains that support a single domain becomes unavailable, things will be fine until the TTLs expire. Once that happens on the DNS servers down the chain, you don't get the name resolution anymore, and those dns servers can no longer find a path to resolution.

                    When you combine that with all the other interworkings of a domain, it can be awhile until things get better, even if the attacked name servers get better.

                    How many of you have ever bought a single domain name and see the message it may take up to 48 hours or whatever to propagate?

                    The above is pretty a pretty basic explanation and understanding, but I'm just trying to get my point across without making a massive wall of text.

                    1 Reply Last reply Reply Quote 2
                    • dafyreD
                      dafyre
                      last edited by

                      @Tim_G does this help:

                      giphy.gif

                      1 Reply Last reply Reply Quote 0
                      • ChrisLC
                        ChrisL @scottalanmiller
                        last edited by

                        The machines are revolting!

                        Destroys toaster

                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                        • scottalanmillerS
                          scottalanmiller @ChrisL
                          last edited by

                          @ChrisL said in IoT devices Used in DDoS Attacks:

                          The machines are revolting!

                          Destroys toaster

                          Or... the toaster destroys YOU!

                          1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            Gives a new meaning to "you are toast".

                            ChrisLC 1 Reply Last reply Reply Quote 2
                            • ChrisLC
                              ChrisL @scottalanmiller
                              last edited by

                              @scottalanmiller said in IoT devices Used in DDoS Attacks:

                              Gives a new meaning to "you are toast".

                              I'm so white, even the lowest setting would burn me to a crisp.

                              StrongBadS 1 Reply Last reply Reply Quote 1
                              • StrongBadS
                                StrongBad @ChrisL
                                last edited by

                                @ChrisL said in IoT devices Used in DDoS Attacks:

                                @scottalanmiller said in IoT devices Used in DDoS Attacks:

                                Gives a new meaning to "you are toast".

                                I'm so white...

                                ...the toaster thought that it was helping?

                                1 Reply Last reply Reply Quote 0
                                • nadnerBN
                                  nadnerB
                                  last edited by

                                  Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet.
                                  Ā 
                                  Mirai exploits the low security standards of internet-connected devices, from routers to webcams, and after enslaving them with malware uses their network connections to launch DDoS attacks, such as that hobbling Dyn's DNS services last week.

                                  Sauce of regret: http://www.theregister.co.uk/2016/10/24/chinese_firm_recalls_webcams_over_mirai_botnet_infection_ddos_woes/

                                  1 Reply Last reply Reply Quote 0
                                  • 1
                                  • 2
                                  • 3
                                  • 1 / 3
                                  • First post
                                    Last post