[169586] in North American Network Operators' Group
Re: Hackers hijack 300,000-plus wireless routers,
daemon@ATHENA.MIT.EDU (Merike Kaeo)
Tue Mar 4 14:53:00 2014
From: Merike Kaeo <kaeo@merike.com>
In-Reply-To: <45536.1393944852@turing-police.cc.vt.edu>
Date: Tue, 4 Mar 2014 11:52:02 -0800
To: Valdis.Kletnieks@vt.edu
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 4, 2014, at 6:54 AM, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
>> Why want to swing such a big hammer. Even blocking those 2 IPs will
>> isolate your users, and fill your support queues.
>>
>> Set up a DNS server locally to reply to those IPs. Your customers stay up
>> and running and blissfully unaware.
>>
>> Log the IPs hitting your DNS servers on those IPs and have your support
>> reach out to them in a controlled way, or reply to any request via DNS
>> with an internal host that has a web page explaining what is broken and how
>> they can fix it avoiding at least some of the calls to your helpdesk.
>
> Two words: "DNS Changer". What did we learn from that?
My thoughts exactly. Some walled gardens set up in those instances.
And don't blindly follow someone's advice without looking at impacts to your
networks.

CPE devices are just a huge cesspool. Any device that already doesn't let you
change username 'admin' is off to a bad start. We have to get these supposedly
'plug it in and never touch it' devices to be better at firmware upgrades.

- merike