Millions of IoT devices have already been compromised and abused for distributed denial-of-service (DDoS) attacks and millions more are affected by critical vulnerabilities that make them an easy target for malicious actors.
While in many cases attackers hack IoT devices and leverage them to conduct attacks directly, researchers at Akamai have come across a different type of mass attack in which the compromised systems are used as proxies that route malicious traffic.
These attacks, dubbed by Akamai SSHowDowN Proxy attacks, have abused vulnerable CCTV, NVR, DVR, networking, storage and satellite antenna equipment to conduct HTTP-based credential stuffing campaigns. The breached devices are also used as an entry point to the internal networks that house them.
Read more at SecurityWeek.com
(Score: 3, Informative) by Anonymous Coward on Friday October 14 2016, @12:01PM
(Score: 0) by Anonymous Coward on Friday October 14 2016, @01:59PM
Saying NAT by itself is somewhat vague, but I think we're talking about masquerade-type IPv4 NAT. How does an external connection "reach out and touch" something on the inside? How do I get at 192.168.0.87 from the outside?
Is this a problem that's perhaps exacerbated by things like uPnP that do open up the NAT?
I'm also wondering what role IPv6 may play in these attacks. Is it a common enough scenario these days that a consumer-grade router would get an IPv6 addr and advertise the route to devices on the LAN, happily allowing any outside party to connect behind the router willy-nilly?
(Score: 1, Informative) by Anonymous Coward on Friday October 14 2016, @06:31PM
https://en.wikipedia.org/wiki/Hole_punching_(networking) [wikipedia.org]
Getting in and out of network is a well known thing. Also are you 100% sure NAT actually acts as a firewall? It doesnt BTW. It only works because there is no bridge between the outside network and the interior one. However, piggy back on something else and there is no firewall to say 'hey device xyz just tried to goto the internet. it shouldnt do that.' Instead it says 'oh here let me translate that for you and leave a small hole for the back tracking packets from the other end'. NAT basically makes your IP to the outside world look like 1 computer with a bunch of services hanging off it that are default closed. So if you have 2 devices that share the same port well only one will work. IPV6 providers seem to be giving out /30s and up. So you can basically give every computer its own IP and make them addressable or not depending on your use case.
I'm also wondering what role IPv6 may play in these attacks
Most consumer routers are nothing more than a straight up firewall with ipv6. Basically the packets stop at this router as I am not allowed to forward anything onward. That is usually what the GUI lets you do. Under them is usually a full statefull linux firewall. Basically the default rule is inbound drop, outbound allow with ipv6.
Using standard firewall rules it is easy to pick and choose what has access. With NAT you usually have to pick a 'winner'. That works for most use cases but not all.