DDoS using IoT

VeritiesVerities Member Posts: 1,162


  • beadsbeads Senior Member Member Posts: 1,520 ■■■■■■■■■□
    Now think of the eventuality that this is also your new corporate perimeter. Why you ask? Because people will put all this junk on their corporate owned smartphone to watch their "smart house" which now makes security's job to also indirectly defend your employees home.

    And you thought scope creep was just for project management. :D

    - b/eads
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Yeah, I was shocked when I read that. It was almost twice the size of the attack against Brian Krebs.

    I luckily haven't seen any IoT devices at my company. I've had people try to install some of the monitoring software (cameras, smart devices, etc) on their PCs, but I shut that down quick.
  • beadsbeads Senior Member Member Posts: 1,520 ■■■■■■■■■□
    At least Dan Goodin got bits instead of bytes right this time. ROTFLMAO!

    - b/eads
  • VeritiesVerities Member Posts: 1,162
    @beads: I shudder inside when I see someone using Cox Smart Home app or bragging about how cool it is that they can change the thermostat or unlock/lock their doors remotely.

    @markulos: I can't even fathom a 1Tbps stream. Pretty impressive that they've handled everything thrown at them so far. I started looking at how they handled DDoS's and its very interesting:

  • networker050184networker050184 Mod Posts: 11,962 Mod
    Thats pretty standard DDoS mitigation model. The only problem is when you're edge routers link to the internet is saturated there is nothing you can do about that (like their "surplus bandwidth" is a 10G connection in some spots) besides null routing yourself upstream and trying DNS tricks. Smart attackers usually catch onto this quick and don't attack by IP only. Cloud based DDoS mitigation that use tunnels is an option that can help with this part of the scenario.
    An expert is a man who has made all the mistakes which can be made.
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Sad thing is this is only going to get worse without any legal ramifications or government standards. The average consumer doesn't give a crap if it's vulnerable if they aren't directly affected. They aren't going to look at security flaws beforehand and won't keep up with patching after the fact either.
  • varelgvarelg Banned Posts: 790
    Self-driving cars as the part of IoT... cough, cogh...
  • ChinookChinook Member Posts: 206
    Currently both my house & my car follow the model of the Battlestar Galactica. "As long as I'm in command there will be no networked computers on this ship" - Commander Adama. Sadly, my vehcile won't last forever and the replacement will have networked technology. My house shall remain analog for as long as I can. #SayNoToAmazonEcho
  • VeritiesVerities Member Posts: 1,162
    @Chinook: Awesome reference and totally agree. +1

    @Varelg: If 10 years ago you told someone that we'd be able to perpetuate DDoS's from self driving cars, they would probably disagree with you. That's insane to think its not too far off. +1
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,920 Mod
    I thought I was the only one who disliked the Echo and Teslas.
Sign In or Register to comment.