nanog mailing list archives

Re: Spitballing IoT Security


From: Jean-Francois Mezei <jfmezei_nanog () vaxination ca>
Date: Tue, 25 Oct 2016 04:37:19 -0400

On 2016-10-25 04:10, Ronald F. Guilmette wrote:

If all of the *&^%$# damn stupid vacation pet feeders had originally shipped
with outbound rate limits hard-coded in the kernel, maybe this could have
been avoided.


I view this differently.

The problem is in allowing inbound connections and going as far as doing
UPnP to tell the CPE router to open a inbound door to let hackers loging
to that IoT  pet feeder to turn it into an agressive DNS destroyer.

Then again, you need to have the owner access the pet feeder from the
remote beach to feed the dog.

One way around this is for the pet feeder to initiate outbound
connection to a central server, and have the pet onwer connect to that
server to ask the server to send command to his pet feeder to feed the dog.

This way, there need not be any inbound connection to the pet feeder.



Current thread: