nanog mailing list archives
Re: Spitballing IoT Security
From: "Eric S. Raymond" <esr () thyrsus com>
Date: Wed, 26 Oct 2016 08:30:43 -0400
Rich Kulawiec <rsk () gsp org>:
I think our working assumption should be that there will be zero cooperation from the IoT vendors. (Yeah, once in a while one might actually step up, but that will merely be a happy anomaly.)
I agree. There is, however, a chokepoint we have more hope of getting decent software deployed to. I refer to home and small-business routers. OpenWRT and kin are already minor but significant players here. And there's an NRE-minimization aregument we can make for router manufacturers to use rebranded versions rather than rolling their own crappy firmware. I think the anti-IoT-flood strategy that makes the most sense is: 1. Push open-source firmware that doesn't suck to the vendors with a cost- and risk-minimization pitch. 2. Ship it with egress filters. (And telnet blocked.) It wouldn't be technically very difficult to make the firmware rate-limit outbound connections. Cute trick: if we unlimit any local IP address that is a port-forwarding target, most users will never notice because their browser sessions won't be effected. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security Chris Boyd (Oct 25)
- Re: Spitballing IoT Security Eliot Lear (Oct 28)
- Re: Spitballing IoT Security bzs (Oct 25)
- RE: Spitballing IoT Security Steve Mikulasik (Oct 24)
- Re: Spitballing IoT Security J. Oquendo (Oct 24)
- Re: Spitballing IoT Security Mike Hammett (Oct 24)
- Re: Spitballing IoT Security Hugo Slabbert (Oct 24)
- Re: Spitballing IoT Security Mike Hammett (Oct 24)
- Re: Spitballing IoT Security bzs (Oct 24)
- Re: Spitballing IoT Security Rich Kulawiec (Oct 26)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Leo Bicknell (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)