[169572] in North American Network Operators' Group
Re: Hackers hijack 300,000-plus wireless routers, make malicious
daemon@ATHENA.MIT.EDU (fmm)
Tue Mar 4 06:46:53 2014
To: nanog@nanog.org
Date: Tue, 04 Mar 2014 12:46:20 +0100
From: fmm <vovan@fakmoymozg.ru>
In-Reply-To: <84697a3f-5415-4ee9-ab11-ec3ab8e7f608@email.android.com>
On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth <jra@baylink.com> wrote:
> http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/
>
> Is there any valid reason not to black hole those /32s on the backbone?
>> The telltale sign a router has been compromised is DNS settings that
>> have been changed to 5.45.75.11 and 5.45.76.36. Team Cymru researchers
>> contacted the provider that hosts those two IP addresses but have yet
>> to receive a response.
You wanted to say "blackhole those 5.45.72.0/22 and 5.45.76.0/22", didn't
you?
Cheers
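
An added example, not part of the original message: a small Python scan of flow records that lists clients sending DNS to the two resolvers named in the quoted article, and separately lists traffic a blackhole of the two /22s would also drop. The flow-record format and the sample lines are constructed for illustration; only the two addresses and the two prefixes come from the thread.

```python
import ipaddress
from collections import defaultdict

# From the thread: the two rogue resolvers (/32s) and the two /22s proposed instead.
ROGUE_RESOLVERS = {ipaddress.ip_address("5.45.75.11"),
                   ipaddress.ip_address("5.45.76.36")}
COVERING_NETS = [ipaddress.ip_network("5.45.72.0/22"),
                 ipaddress.ip_network("5.45.76.0/22")]

# Constructed sample flows in an assumed "src dst proto dport" format.
SAMPLE_FLOWS = """\
192.0.2.10 5.45.75.11 udp 53
192.0.2.10 5.45.76.36 udp 53
192.0.2.44 8.8.8.8 udp 53
198.51.100.7 5.45.74.200 tcp 443
198.51.100.9 5.45.76.36 tcp 53
203.0.113.5 5.45.79.1 udp 53
not a flow line
"""

def scan_flows(text):
    """Return (suspects, collateral).

    suspects:   {client: sorted rogue resolvers it sent DNS (port 53) to}
    collateral: sorted (client, dst) pairs inside the /22s that are NOT the
                rogue resolvers, i.e. what a /22 blackhole would drop beyond
                the two /32s.
    """
    suspects = defaultdict(set)
    collateral = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, _proto, dport = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # destination is not an IP address
        if dst_ip in ROGUE_RESOLVERS:
            if dport == "53":  # DNS over UDP or TCP
                suspects[src].add(dst)
        elif any(dst_ip in net for net in COVERING_NETS):
            collateral.add((src, dst))
    return {c: sorted(r) for c, r in suspects.items()}, sorted(collateral)

if __name__ == "__main__":
    suspects, collateral = scan_flows(SAMPLE_FLOWS)
    print("clients using rogue resolvers:", suspects)
    print("extra traffic a /22 blackhole would drop:", collateral)
```
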