Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday October 14 2016, @06:22AM   Printer-friendly
from the fast-forwarding? dept.

Millions of IoT devices have already been compromised and abused for distributed denial-of-service (DDoS) attacks and millions more are affected by critical vulnerabilities that make them an easy target for malicious actors.

While in many cases attackers hack IoT devices and leverage them to conduct attacks directly, researchers at Akamai have come across a different type of mass attack in which the compromised systems are used as proxies that route malicious traffic.

These attacks, dubbed by Akamai SSHowDowN Proxy attacks, have abused vulnerable CCTV, NVR, DVR, networking, storage and satellite antenna equipment to conduct HTTP-based credential stuffing campaigns. The breached devices are also used as an entry point to the internal networks that house them.

Read more at SecurityWeek.com


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by Anonymous Coward on Friday October 14 2016, @12:01PM

    by Anonymous Coward on Friday October 14 2016, @12:01PM (#414237)
    NAT will probably not protect you. The only thing that can protect you is if you set up a proper stateful firewall that will prevent any external connections from reaching out and touching these insecure devices from the outside, or from them making connections to the outside. I don't know why people are constantly under the illusion that NAT is a security measure. It isn't, and any security it might provide you is just a side effect.
    Starting Score:    0  points
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Friday October 14 2016, @01:59PM

    by Anonymous Coward on Friday October 14 2016, @01:59PM (#414274)

    Saying NAT by itself is somewhat vague, but I think we're talking about masquerade-type IPv4 NAT. How does an external connection "reach out and touch" something on the inside? How do I get at 192.168.0.87 from the outside?

    Is this a problem that's perhaps exacerbated by things like uPnP that do open up the NAT?

    I'm also wondering what role IPv6 may play in these attacks. Is it a common enough scenario these days that a consumer-grade router would get an IPv6 addr and advertise the route to devices on the LAN, happily allowing any outside party to connect behind the router willy-nilly?

    • (Score: 1, Informative) by Anonymous Coward on Friday October 14 2016, @06:31PM

      by Anonymous Coward on Friday October 14 2016, @06:31PM (#414397)

      https://en.wikipedia.org/wiki/Hole_punching_(networking) [wikipedia.org]

      Getting in and out of network is a well known thing. Also are you 100% sure NAT actually acts as a firewall? It doesnt BTW. It only works because there is no bridge between the outside network and the interior one. However, piggy back on something else and there is no firewall to say 'hey device xyz just tried to goto the internet. it shouldnt do that.' Instead it says 'oh here let me translate that for you and leave a small hole for the back tracking packets from the other end'. NAT basically makes your IP to the outside world look like 1 computer with a bunch of services hanging off it that are default closed. So if you have 2 devices that share the same port well only one will work. IPV6 providers seem to be giving out /30s and up. So you can basically give every computer its own IP and make them addressable or not depending on your use case.

      I'm also wondering what role IPv6 may play in these attacks
      Most consumer routers are nothing more than a straight up firewall with ipv6. Basically the packets stop at this router as I am not allowed to forward anything onward. That is usually what the GUI lets you do. Under them is usually a full statefull linux firewall. Basically the default rule is inbound drop, outbound allow with ipv6.

      Using standard firewall rules it is easy to pick and choose what has access. With NAT you usually have to pick a 'winner'. That works for most use cases but not all.