posted by martyb on Friday October 14 2016, @06:22AM
from the fast-forwarding? dept.

Millions of IoT devices have already been compromised and abused for distributed denial-of-service (DDoS) attacks and millions more are affected by critical vulnerabilities that make them an easy target for malicious actors.

While in many cases attackers hack IoT devices and leverage them to conduct attacks directly, researchers at Akamai have come across a different type of mass attack in which the compromised systems are used as proxies that route malicious traffic.

These attacks, dubbed by Akamai SSHowDowN Proxy attacks, have abused vulnerable CCTV, NVR, DVR, networking, storage and satellite antenna equipment to conduct HTTP-based credential stuffing campaigns. The breached devices are also used as an entry point to the internal networks that house them.

Read more at SecurityWeek.com


  • (Score: 1, Informative) by Anonymous Coward on Friday October 14 2016, @06:31PM (#414397)

    https://en.wikipedia.org/wiki/Hole_punching_(networking)

    Getting in and out of a network is a well-known thing. Also, are you 100% sure NAT actually acts as a firewall? It doesn't, BTW. It only works because there is no bridge between the outside network and the interior one. However, piggyback on something else and there is no firewall to say 'hey, device xyz just tried to go to the internet. It shouldn't do that.' Instead it says 'oh here, let me translate that for you and leave a small hole for the back tracking packets from the other end'. NAT basically makes your IP to the outside world look like 1 computer with a bunch of services hanging off it that are default closed. So if you have 2 devices that share the same port, well, only one will work. IPv6 providers seem to be giving out /30s and up. So you can basically give every computer its own IP and make them addressable or not depending on your use case.

    I'm also wondering what role IPv6 may play in these attacks
    Most consumer routers are nothing more than a straight-up firewall with IPv6. Basically the packets stop at this router as I am not allowed to forward anything onward. That is usually what the GUI lets you do. Under them is usually a full stateful Linux firewall. Basically the default rule is inbound drop, outbound allow with IPv6.

    Using standard firewall rules it is easy to pick and choose what has access. With NAT you usually have to pick a 'winner'. That works for most use cases but not all.

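The NAT behaviour described in the comment above, as an added example that is not part of the original comment or story: a toy Python model of a gateway's translation table, with an optional egress allow-list standing in for the firewall rule that plain NAT lacks. The `Gateway` class, device names and addresses (documentation ranges) are constructed for illustration, and the model assumes a NAT that accepts replies only from the exact remote endpoint a device contacted.

```python
import itertools

class Gateway:
    """Toy gateway: NAT mapping table, static port forwards, optional egress policy."""
    def __init__(self, egress_allow=None):
        # egress_allow: {device: {(remote_ip, remote_port), ...}}; None means plain NAT
        self.egress_allow = egress_allow
        self.mappings = {}                 # public port -> (device, remote_ip, remote_port)
        self.forwards = {}                 # public port -> device (static port forward)
        self._ports = itertools.count(40000)

    def outbound(self, device, remote, rport):
        """Return the public port allocated for the flow, or None if egress policy drops it."""
        if self.egress_allow is not None and \
                (remote, rport) not in self.egress_allow.get(device, set()):
            return None                    # a firewall can say "that device should not do that"
        public_port = next(self._ports)    # plain NAT just translates and leaves a return hole
        self.mappings[public_port] = (device, remote, rport)
        return public_port

    def inbound(self, remote, rport, public_port):
        """Return the internal device that receives the packet, or None if it is dropped."""
        mapped = self.mappings.get(public_port)
        if mapped and mapped[1:] == (remote, rport):
            return mapped[0]               # reply to a flow opened from the inside
        return self.forwards.get(public_port)  # otherwise only a static forward matches

    def forward(self, public_port, device):
        """Claim a public port for one device; a second claimant loses."""
        if public_port in self.forwards:
            return False
        self.forwards[public_port] = device
        return True

def demo():
    r = {}
    nat = Gateway()                                    # NAT only, no egress rules
    port = nat.outbound("camera", "203.0.113.7", 443)  # compromised device phones out
    r["nat_outbound"] = port is not None
    r["nat_reply"] = nat.inbound("203.0.113.7", 443, port)
    r["nat_unsolicited"] = nat.inbound("198.51.100.9", 5555, port)
    r["first_forward"] = nat.forward(8080, "camera")
    r["second_forward"] = nat.forward(8080, "dvr")     # same port: only one "winner"
    fw = Gateway(egress_allow={"camera": {("192.0.2.10", 123)}})
    r["fw_unlisted"] = fw.outbound("camera", "203.0.113.7", 443)
    r["fw_listed"] = fw.outbound("camera", "192.0.2.10", 123) is not None
    return r

if __name__ == "__main__":
    print(demo())
```

The plain-NAT gateway translates the camera's outbound flow and delivers the reply, while the gateway with an allow-list drops the same flow before any return hole exists.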