SoylentNews is people

posted by martyb on Friday October 14 2016, @06:22AM
from the fast-forwarding? dept.

Millions of IoT devices have already been compromised and abused for distributed denial-of-service (DDoS) attacks and millions more are affected by critical vulnerabilities that make them an easy target for malicious actors.

While in many cases attackers hack IoT devices and leverage them to conduct attacks directly, researchers at Akamai have come across a different type of mass attack in which the compromised systems are used as proxies that route malicious traffic.

These attacks, dubbed by Akamai SSHowDowN Proxy attacks, have abused vulnerable CCTV, NVR, DVR, networking, storage and satellite antenna equipment to conduct HTTP-based credential stuffing campaigns. The breached devices are also used as an entry point to the internal networks that house them.

Read more at SecurityWeek.com

  • (Score: 2) by Kilo110 (2853) on Friday October 14 2016, @11:07AM (#414225)

    I've a number of "smart" devices in my home and I generally take security seriously. I've an updated pfsense router that I believe is properly configured. Will that be enough to keep my various devices safe from these attacks?

  • (Score: 3, Informative) by Anonymous Coward on Friday October 14 2016, @12:01PM (#414237)

    NAT will probably not protect you. The only thing that can protect you is if you set up a proper stateful firewall that will prevent any external connections from reaching out and touching these insecure devices from the outside, or from them making connections to the outside. I don't know why people are constantly under the illusion that NAT is a security measure. It isn't, and any security it might provide you is just a side effect.
    • (Score: 0) by Anonymous Coward on Friday October 14 2016, @01:59PM (#414274)

      Saying NAT by itself is somewhat vague, but I think we're talking about masquerade-type IPv4 NAT. How does an external connection "reach out and touch" something on the inside? How do I get at 192.168.0.87 from the outside?

      Is this a problem that's perhaps exacerbated by things like UPnP that do open up the NAT?

      I'm also wondering what role IPv6 may play in these attacks. Is it a common enough scenario these days that a consumer-grade router would get an IPv6 addr and advertise the route to devices on the LAN, happily allowing any outside party to connect behind the router willy-nilly?

      • (Score: 1, Informative) by Anonymous Coward on Friday October 14 2016, @06:31PM (#414397)

        https://en.wikipedia.org/wiki/Hole_punching_(networking)

        Getting in and out of a network is a well-known thing. Also, are you 100% sure NAT actually acts as a firewall? It doesn't, BTW. It only works because there is no bridge between the outside network and the interior one. However, piggyback on something else and there is no firewall to say 'hey, device xyz just tried to go to the internet. It shouldn't do that.' Instead it says 'oh here, let me translate that for you and leave a small hole for the backtracking packets from the other end'. NAT basically makes your IP to the outside world look like 1 computer with a bunch of services hanging off it that are default closed. So if you have 2 devices that share the same port, well, only one will work. IPv6 providers seem to be giving out /30s and up. So you can basically give every computer its own IP and make them addressable or not depending on your use case.

        > I'm also wondering what role IPv6 may play in these attacks

        Most consumer routers are nothing more than a straight-up firewall with IPv6. Basically the packets stop at this router as I am not allowed to forward anything onward. That is usually what the GUI lets you do. Under them is usually a full stateful Linux firewall. Basically the default rule is inbound drop, outbound allow with IPv6.

        Using standard firewall rules it is easy to pick and choose what has access. With NAT you usually have to pick a 'winner'. That works for most use cases but not all.
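
The distinction argued in the sub-thread above, as an added example that is not part of any comment: a toy Python model of a masquerading NAT gateway, with and without an egress filter. The `Gateway` class, its method names and every address except 192.168.0.87 are constructed for illustration, and the model assumes the strictest form of inbound filtering (replies accepted only from the exact remote address and port that was contacted).

```python
# Toy model of masquerade NAT; hypothetical names, constructed sample addresses.
from dataclasses import dataclass, field

@dataclass
class Gateway:
    # LAN hosts that may not initiate outbound flows (the firewall part).
    egress_deny: set = field(default_factory=set)
    # Translation table: (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a flow. Returns the translated WAN port, or None if filtered."""
        if lan_ip in self.egress_deny:
            return None
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Returns the LAN destination, or None if dropped."""
        return self.table.get((wan_port, remote_ip, remote_port))

def demo():
    camera = "192.168.0.87"   # LAN address quoted in the thread
    remote = "198.51.100.7"   # constructed remote host (documentation range)

    nat_only = Gateway()
    # Unsolicited inbound SSH: no table entry exists, so translation drops it.
    unsolicited = nat_only.inbound(remote, 4444, 22)
    # The device itself calls out: NAT translates and records the flow.
    port = nat_only.outbound(camera, 51000, remote, 443)
    # Return traffic for that flow is passed straight back to the device.
    reply = nat_only.inbound(remote, 443, port)
    # A different remote host aiming at the same WAN port has no matching entry.
    stranger = nat_only.inbound("198.51.100.99", 443, port)

    # Same gateway with an egress rule for the device: the flow never starts.
    filtered = Gateway(egress_deny={camera})
    blocked = filtered.outbound(camera, 51000, remote, 443)
    return unsolicited, reply, stranger, blocked

if __name__ == "__main__":
    print(demo())
```

The only difference between the two gateways is the egress rule; the translation logic is identical, which is why the "protection" NAT gives against unsolicited inbound traffic says nothing about what a device on the LAN is allowed to initiate.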

  • (Score: 2) by Fnord666 (652) on Friday October 14 2016, @03:01PM (#414319)

    > I've a number of "smart" devices in my home and I generally take security seriously. I've an updated pfsense router that I believe is properly configured. Will that be enough to keep my various devices safe from these attacks?

    Unless you have forwarded port 22 or one of your devices has used UPnP to open that port, you should be good. You can always test it really quickly by getting your external IP address from your router/firewall and trying to SSH into that address from outside your home network.

  • (Score: 2, Informative) by nobu_the_bard (6373) on Friday October 14 2016, @04:31PM (#414352)

    These are pretty nifty firewalls, I use them a lot.

    I don't know how your IoT things work, but if you're accessing them from outside your network through the firewall, you can do a few things to mitigate potential attacks (these are not necessarily going to make you bulletproof but it'll help):

    * Don't have ports open to the internet for your devices that you don't need to use. If you never ACTUALLY open their HTTP webpage to look at your cameras, don't bother having the port open. If you're SSHing into your devices directly from the internet for some reason, consider closing your SSH ports directly to the devices and setting up SSH on the firewall (assuming you keep it up to date). SSH to the firewall then to the device.
    * Set up a NAT with a different port number than what the device actually uses (like NAT 9888->80); doesn't make you immune to attacks, but cuts the number of probes that actually find the device. Most won't bother to check nonstandard ports. A few will find you anyway though.
    * Install the pfblocker package and have it block every country you don't expect to be connecting from. It's super great at cutting the number of attack attempts, but it's not unbeatable. Also on the newer pfblocker you can add other lists; I add Amazon Cloud's IPs and SpamHaus infected IPs to mine.

    Better than either of those, instead of having your devices' ports open to the internet, set up a remote access VPN with OpenVPN or IPsec (pfsense can do either at no cost). OpenVPN tunnels are easy, there's a great free client for Windows; I've only used the Linux one a bit (the Apple one is terrible). This works great on PCs but I've had less good experiences with smartphone client apps. A tunnel means you can access your devices and not have them open to the internet, plus it's harder to snoop on your traffic when you connect to them.

    • (Score: 1) by trimtab (2194) on Sunday October 23 2016, @08:25PM (#417947)

      You can do country-wide blocks even easier with Linux iptables or one of the *BSD firewalls.