SoylentNews is people

posted by martyb on Thursday September 29 2016, @08:19AM
from the all-together-now dept.

I found the following story, which explains the nature of the DDoS threat facing us all. In the past, the main culprits of DDoS attacks were compromised computers, which partially resulted in the multi-million dollar business of antivirus programs and similar software. Nowadays, the source is more likely to be a compromised CCTV camera, DVR, or some other device on the IoT.

Last week, the hosting provider OVH faced a 1Tbps DDoS attack, likely the largest one ever seen.

The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter, sharing an image that lists the multiple sources of the attack.

Klaba explained that the servers of his company were hit by multiple simultaneous attacks exceeding 100 Gbps each, combining into a 1 Tbps DDoS attack. One of the attacks documented by OVH reached 93 MMps and 799 Gbps.

Klaba has now added further information on the powerful DDoS attacks: the CTO of OVH claimed that the botnet used by the attackers is powered by more than 150,000 Internet of Things (IoT) devices, including cameras and DVRs.

"This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn." — Octave Klaba / Oles (@olesovhcom) 23 September 2016

The bad news for OVH is that the attacks are still ongoing and the size of the botnet is increasing.

  • (Score: 1, Interesting) by Anonymous Coward on Thursday September 29 2016, @01:16PM (#407878)

    You want mitigation? Isolate the camera on a separate VLAN that is not accessible from outside. Make a box with two network cards, put one input from the super secure VLAN in the box, and a normal uplink from your insecure VLAN. Connect to the box remotely, look at whatever, disconnect.

    For extra security, do not use remote management on the box, just have it in the _basement_, locked behind three sets of doors?
    I'd like to talk to the leet haxxor who can penetrate such a setup without copying the physical keys, kek.

    If you absolutely insist on putting the damn device on a network with people on it... Route all the addresses it talks to to 0.0.0.0? MITM, SSLstrip and/or proxy the fuck out of connections that originate from the device's port? Rewrite packets originating from the device and going outside to overwrite the payload with "FUCKYOUASSHOLES"? Patch the image of the firmware in memory to remove all IP addresses it talks to? If the image isn't validated by the device, or validated trivially by checking header length... Disassemble the image, replace the parts that initiate outbound connections with NOPs somehow, reassemble the image, flash it to the device? Replace the SSL certificates the device uses by the same method or by patching it in RAM directly?

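The isolation the commenter describes (a camera VLAN that may only be reached from a dual-homed viewing box) and the traffic profile in Klaba's tweet (1-30 Mbps per bot of tcp/syn, tcp/ack and tcp/ack+psh) together give a defender two concrete checks to run on flow records exported from that VLAN: did a camera talk to anything except the viewing box, and is any camera pushing out a sustained stream of payload-free SYN/ACK packets? The script below is an added example, not code from the story, the comment or OVH; the one-flow-per-line record format, the addresses 10.50.0.0/24 and 10.50.0.2, the sample records and the thresholds are all assumptions.

```python
"""Check flow records from an isolated camera VLAN for two things:
  1. policy violations: a camera talking to anything other than the viewing box
  2. DDoS-like egress: sustained small-packet SYN/ACK/ACK+PSH traffic leaving the VLAN
Added example; the record format and all addresses and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Assumed layout: cameras live in 10.50.0.0/24, the dual-homed viewing box is 10.50.0.2.
CAMERA_VLAN = ipaddress.ip_network("10.50.0.0/24")
JUMP_BOX = ipaddress.ip_address("10.50.0.2")

# Assumed thresholds. Klaba's tweet puts each bot at 1-30 Mbps of tcp/syn, tcp/ack and
# tcp/ack+psh; 1 Mbps of payload-free packets from a camera is far outside normal RTSP use.
RATE_THRESHOLD_BPS = 1_000_000
MAX_AVG_PKT_BYTES = 100           # SYN/ACK floods carry little or no payload
FLOOD_FLAGS = {"S", "A", "PA"}    # tcp/syn, tcp/ack, tcp/ack+psh

# Constructed sample records (not real capture data), one flow per line:
# <unix_ts> <src> <dst> <proto> <dport> <tcp_flags> <packets> <bytes>
SAMPLE_FLOWS = """\
1475100000 10.50.0.21 10.50.0.2     tcp 554 PA 40     51200
1475100000 10.50.0.22 203.0.113.9   tcp 80  S  120000 7200000
1475100001 10.50.0.22 203.0.113.9   tcp 80  A  150000 9000000
1475100001 10.50.0.22 198.51.100.7  tcp 443 PA 90000  5400000
1475100001 10.50.0.23 192.0.2.44    tcp 80  PA 12     9000
1475100002 10.50.0.21 10.50.0.2     tcp 554 PA 38     48000
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int
    flags: str
    pkts: int
    nbytes: int


def parse_flows(text: str) -> list:
    """Parse the assumed whitespace-separated record format into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, proto, dport, flags, pkts, nbytes = line.split()
        flows.append(Flow(int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          proto, int(dport), flags, int(pkts), int(nbytes)))
    return flows


def policy_violations(flows) -> list:
    """Every (src, dst) pair where a camera-VLAN host talks to anything but the viewing box."""
    return sorted({(str(f.src), str(f.dst)) for f in flows
                   if f.src in CAMERA_VLAN and f.dst != JUMP_BOX})


def ddos_suspects(flows) -> list:
    """Per camera-VLAN source, rate and mean packet size of flag-only TCP traffic leaving
    the VLAN; returns the sources that exceed the rate threshold with tiny packets."""
    stats = defaultdict(lambda: {"bytes": 0, "pkts": 0, "first": None, "last": None})
    for f in flows:
        if f.src not in CAMERA_VLAN or f.dst in CAMERA_VLAN:
            continue                      # only egress from the camera VLAN
        if f.proto != "tcp" or f.flags not in FLOOD_FLAGS:
            continue
        s = stats[f.src]
        s["bytes"] += f.nbytes
        s["pkts"] += f.pkts
        s["first"] = f.ts if s["first"] is None else min(s["first"], f.ts)
        s["last"] = f.ts if s["last"] is None else max(s["last"], f.ts)
    suspects = []
    for src, s in stats.items():
        window = s["last"] - s["first"] + 1          # whole seconds covered, at least 1
        bps = s["bytes"] * 8 / window
        avg_pkt = s["bytes"] / s["pkts"]
        if bps >= RATE_THRESHOLD_BPS and avg_pkt <= MAX_AVG_PKT_BYTES:
            suspects.append({"src": str(src), "bps": bps, "avg_pkt_bytes": avg_pkt})
    return sorted(suspects, key=lambda d: d["src"])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, dst in policy_violations(flows):
        print(f"policy violation: {src} -> {dst}")
    for s in ddos_suspects(flows):
        print(f"possible bot: {s['src']} sending {s['bps'] / 1e6:.1f} Mbps "
              f"of ~{s['avg_pkt_bytes']:.0f}-byte SYN/ACK packets")
```

On the constructed records, 10.50.0.21 only talks to the viewing box and passes both checks; 10.50.0.23 breaks the VLAN policy but its traffic is a handful of full-size packets, so it is not flagged as a bot; 10.50.0.22 breaks the policy and pushes 60-byte SYN/ACK packets at tens of Mbps, the profile of a conscripted camera. The packet-size filter matters: port 443 traffic with the PSH+ACK flags is normal for a camera uploading video, so rate alone would produce false positives.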