nanog mailing list archives
Re: Spitballing IoT Security
From: Jean-Francois Mezei <jfmezei_nanog () vaxination ca>
Date: Tue, 25 Oct 2016 04:37:19 -0400
On 2016-10-25 04:10, Ronald F. Guilmette wrote:
If all of the *&^%$# damn stupid vacation pet feeders had originally shipped with outbound rate limits hard-coded in the kernel, maybe this could have been avoided.
I view this differently. The problem is in allowing inbound connections and going as far as doing UPnP to tell the CPE router to open a inbound door to let hackers loging to that IoT pet feeder to turn it into an agressive DNS destroyer. Then again, you need to have the owner access the pet feeder from the remote beach to feed the dog. One way around this is for the pet feeder to initiate outbound connection to a central server, and have the pet onwer connect to that server to ask the server to send command to his pet feeder to feed the dog. This way, there need not be any inbound connection to the pet feeder.
Current thread:
- Re: Death of the Internet, Film at 11, (continued)
- Re: Death of the Internet, Film at 11 Josh Reynolds (Oct 24)
- RE: Death of the Internet, Film at 11 Emille Blanc (Oct 24)
- Re: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 25)
- Re: Death of the Internet, Film at 11 bzs (Oct 25)
- Re: Death of the Internet, Film at 11 Aaron C. de Bruyn via NANOG (Oct 24)
- Spitballing IoT Security Ronald F. Guilmette (Oct 24)
- Re: Spitballing IoT Security Jared Mauch (Oct 24)
- Re: Spitballing IoT Security Matthias Waehlisch (Oct 24)
- Re: Spitballing IoT Security Jared Mauch (Oct 25)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 25)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 25)
- Re: Spitballing IoT Security Aled Morris (Oct 25)
- Re: Spitballing IoT Security Bruce Curtis (Oct 25)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 25)
- Re: Spitballing IoT Security Eliot Lear (Oct 26)
- Re: Spitballing IoT Security Mike Meredith (Oct 27)
- Re: Spitballing IoT Security Mel Beckman (Oct 27)
- Re: Spitballing IoT Security Eliot Lear (Oct 28)
- RE: Spitballing IoT Security Keith Medcalf (Oct 27)
- RE: Spitballing IoT Security bzs (Oct 27)
- Re: Spitballing IoT Security Jim Hickstein (Oct 28)