Old 10-25-2016, 15:58   #12
cedsall
Guerrilla
 
Join Date: May 2010
Location: Washington, DC
Posts: 110
Hard not to geek out on this one but here goes.

As MtnGoat pointed out, this is about botnets and the IoT. How well is your DVR secured? You probably have no idea (I don't). It's internet-connected and can be used as a vector for an attack. How many folks on your block, your city, your state with the same DVR?

DDoS attacks use that idea to magnify the effects of an attack by directing 10s, 100s, or 1000s of these things at a target. Most DoS attacks also randomize the source IP address of the attack packet so you, sitting in your corporate network, can't pinpoint a source. Your ISP may be able to help by looking at which of their peering circuits is bringing in the attack, but if it's a distributed attack, chances are it's coming in from so many different vectors they would effectively shut themselves down to block them all. ISPs have been told for at least 15 years to egress filter their networks so they only allow out packets that originate from the IP networks they "own", but we can all see how well that advice has been followed. And in certain areas of the world it's really the wild, wild, west.

All this is to say - there are ways to prevent these attacks but it takes a coordinated effort and the internet is not yet in a place where that level of coordination can occur.

Government could jump in and start regulating the internet like they do for other utilities but 1) do you really want the government managing the internet? and 2) how would you handle the international angle?

It's not an easy problem to solve.

One final bit of humor. I audited a network years ago and the network admin had a HUGE access list in their router. Large access lists take a toll on the ability of the router to route packets (its job). I asked about the access list and he told me "<higher headquarters> requires us to have that list in all our perimeter routers". "OK, but what are all these lines blocking individual IP addresses?" "Oh, those are there to block denial of service attacks." "Um, if you're blocking it on your premise router, it's a little too late..."
__________________
You know spies… bunch of bitchy little girls.
--Bruce Campbell as Sam Axe in Burn Notice

Now... 97Charlie... there was an MOS!
--ZonieDiver
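
The egress filtering mentioned in the post above (an ISP letting out only packets whose source address falls inside the networks it "owns"), sketched as an added example that is not part of the original post. The prefixes and packet records are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the prefixes this ISP "owns" (constructed, documentation ranges).
OWNED_PREFIXES = [
    ipaddress.ip_network(p) for p in ("198.51.100.0/24", "2001:db8:100::/48")
]

# Constructed sample of outbound packets at the ISP edge: (source, destination).
SAMPLE_PACKETS = [
    ("198.51.100.17", "203.0.113.80"),         # customer address, in owned space
    ("198.51.100.200", "203.0.113.80"),        # customer address, in owned space
    ("192.0.2.55", "203.0.113.80"),            # source outside owned space
    ("10.1.2.3", "203.0.113.80"),              # private source leaking out
    ("2001:db8:100::5", "2001:db8:ffff::1"),   # inside the owned /48
    ("2001:db8:200::9", "2001:db8:ffff::1"),   # outside the owned /48
    ("not-an-ip", "203.0.113.80"),             # malformed record
]


def egress_verdict(src, owned=OWNED_PREFIXES):
    """Return 'permit' only if src parses and sits inside an owned prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # fail closed on anything that is not a valid address
    for net in owned:
        if addr.version == net.version and addr in net:
            return "permit"
    return "drop"


def filter_egress(packets, owned=OWNED_PREFIXES):
    """Split packets into (permitted, dropped) by source-address validation."""
    permitted, dropped = [], []
    for src, dst in packets:
        bucket = permitted if egress_verdict(src, owned) == "permit" else dropped
        bucket.append((src, dst))
    return permitted, dropped


if __name__ == "__main__":
    ok, bad = filter_egress(SAMPLE_PACKETS)
    print(f"permitted {len(ok)}, dropped {len(bad)}")
    for src, dst in bad:
        print(f"  drop: source {src} is not in an owned prefix (dst {dst})")
```

The check looks only at the source address, which is why it has to be applied at the originating network's edge: by the time a packet with a randomized source reaches the target's router, there is nothing comparable to validate it against.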