Change Location Europe - Flag EUR
 
Mouser Europe - Flag Mouser Europe

Incoterms: DDP is available to customers in EU Member States.
All prices include duty and customs fees on select shipping methods.

Incoterms: DDU applies to most non-EU customers.
Duty, customs fees and taxes are collected at time of delivery.


Please confirm your currency selection:

Euros
Euros are accepted for payment only in EU member states these countries.

US Dollars
USD is accepted in all countries.

Other currency options may also be available - see
Mouser Worldwide.

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


Wintry Wonderland of Malicious Packets Hither and Thither Part II Arden Henderson

DDoS Things Warnings

 

First, it’s prudent to note that there have been ominous warnings over the years regarding the rise of the Internet of Things and the makers of IoT devices simply not taking security seriously. Deep into 2016, there were the Level 3 August 25 notes on the attack of things. On September 13, Bruce Schneier wrote someone is learning how to take down the internet. And there was the prescient October 20 essay by Chris Baker regarding IoT attacks on managed DNS operators.

DDoS Things Censoring

 

At approximately 2000 hours EDT on September 20, there was a massive DDoS attack on the Brian Krebs security website at a scale not seen before. Because of the overwhelming number of spoofed web requests, access to the site was eliminated, producing an effective censorship. Criminals invoked the enforced censorship in apparent punishment for a blog Krebs wrote about DDoS-for-hire service vDOS. Later analysis showed the DDoS attack 620 Gbps in size. It turned out that DVRs and IP cameras were exploited and used to launch the DDoS attack. Default passwords, always the bane of security, rose up again to bite with sharp teeth. The content delivery services company Akamai, which had been providing DDoS protection pro-bono for Krebs, had to make the hard decision to bail after a point.

Opinions vary on Akamai’s decision to pull the plug for the pro-bono DDoS protection provided to Kreb’s site. Nick Selby observed we may now know Akamai’s threshold. Akamai’s postmortem notes success against the attack and there were several follow-up blogs, including about things attacking and IoT barbarians. At any rate, Kreb’s security site carries on, now protected under Google’s Project Shield. Krebs’ November 16 blog details Akamai’s State of the Internet, which covered extensively the DDoS attack against KrebsOnSecurity.

DDoS Things Squashing

 

On October 21, 2016, vicious thunder crackled across the ethers as massive hard-as-brick snowballs were chunked in deadly velocity from thousands of sources. The target of the multiple IoT DDoS attacks was Dyn, an internet performance management services company.

The attacks wreaked havoc on sites serviced by Dyn. The attack was so successful that the notion of “DDoS” surfaced into mainstream media momentarily distracted from such newsworthy topics as private email servers. The attack could have topped 1.2 Tbps, involving 100,000 bots. Impact was widespread, starting with the eastern seaboard and sites from wired.com to the New York Times, and the financial services sector, then moving on to the west coast. In the end, Reddit, Twitter, Github, Spotify, eBay, and a host of other sites were effectively knocked out.

How did thousands of consumer things connected to the internet manage to get together, become fire hydrants, aim and wash away sites as with the attacks on Krebs and Dyn? In a word: Mirai.

Mirai, Mirai, On The Firewall

 

It turned out the botnets which launched spectacularly heavy attacks on Krebs and Dyn, and other minor attacks in-between and later, were powered by Mirai.

Mirai is both malware that infects things on the internet and is used to launch DDoS attacks. Once in, it locates and exploits other IoT devices and coordinates attacks, and is territorial in nature. Mirai is not the only IoT malware in town and strives to eliminate competing malware. IoT malware is a growth industry.

Perhaps covering their tracks after the attack on Krebs, the source code was released. This, of course, increased participation.

Zillons of internet-connected things are infected with Mirai. Note this timelapse of Mirai mapping

 

 

Mirai scanner was released by Imperva Encapsula. Caveat: If there are no things behind your firewall and/or your firewall is locked up properly, the scanner will superfluously report that Mirai may have blocked ports already. Blocking ports – sealing off access to IoT – is a Mirai thing, something it does after settling into its new home.

At the moment, the future appears dark with mushrooming IoT botnets. Over the years, DDoS mitigation services have multiplied and best practices are well-known. Nonetheless, botnets going from exploited PCs to countless IoT devices, and the improved ease of exploitation, has impressively scaled up the game. Until manufacturers start to take IoT security seriously, starting with not shipping devices with default passwords, the numbers are on the side of the botnets and the ne’er-do-well botnet herders. While script kiddies are generally believed to be behind the recent well-publicized DDoS attacks, no question state actors are sitting somewhere in dark, state-financed cube farms grinning at the possibilities.

Avoid Being Bad News

 

As you design and create your next cool IoT device, no doubt perusing the excellent Mouser Electronics website even now for top-notch components, take a moment to install security reviews at every stage of of the creative process. Best to be proactive to prevent your cool, new IoT device from being Mirai-ized by the thousands and making the next news cycle.

 



« Back


Arden Henderson spent at least part of his life toolsmithing in dark, steam-powered workshops of software tool forges long gone, drenched in blood, sweat, and code under the glare of cathode ray tubes, striving for the perfect line of self-modifying software and the holy grail of all things codecraft: The perfectly rendered pixel. These days, when not working on his 1964 Flux Blend time machine (which he inadvertently wrecked before it was built after a particularly deep recursive loop), Mr. Henderson works in part-time castle elf and groundskeeper jobs, chatting with singularities spawned from code gone mad in vast labyrinths of vacuum tubes, patch cords, and electro-mechanical relays. Mr. Henderson earned a B.S.C.S. late in life at Texas A&M. Over the hundreds of years gone by before then and after, he has worked in various realms ranging from petrochemical wonderlands spread across the flat Gulf Coast saltgrass plains, as far as the eye can see, to silicon bastions deep in the heart of Central Texas.

All Authors

Show More Show More
View Blogs by Date