[169587] in North American Network Operators' Group
Re: Hackers hijack 300,000-plus wireless routers, make malicious
daemon@ATHENA.MIT.EDU (Warren Bailey)
Tue Mar 4 15:00:34 2014
From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: Merike Kaeo <kaeo@merike.com>, "Valdis.Kletnieks@vt.edu"
<Valdis.Kletnieks@vt.edu>
Date: Tue, 4 Mar 2014 19:59:57 +0000
In-Reply-To: <853C4F11-74FC-4027-8771-8964631C02FE@merike.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I don’t know that they have a lot of motivation to support “legacy” access
points. The home brew guys tend to magically “find” ways to install
software on these POS CPE AP/Router combos, which I don’t think is a
coincidence. The linksys types of the world want to sell more routers, not
make routers that suddenly have an amazing 8 year shelf life. Most people
get tired of that POS box that gives them internet not working, and buy a
new LESS POS with whatever 802.xxx of the week/month/year/shopping season.
The margins probably really suck if you support a piece of plastic longer
than __ months, so I doubt you’ll see anyone supporting their cheap box
any time soon. I bet if you offered them a way to do it for free, they’d
look at it ;)
On 3/4/14, 11:52 AM, "Merike Kaeo" <kaeo@merike.com> wrote:
>
>On Mar 4, 2014, at 6:54 AM, Valdis.Kletnieks@vt.edu wrote:
>
>> On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
>>> Why want to swing such a big hammer. Even blocking those 2 IPs will
>>> isolate your users, and fill your support queues.
>>>
>>> Set up a DNS server locally to reply to those IPs. Your customers stay up
>>> and running and blissfully unaware.
>>>
>>> Log the IPs hitting your DNS servers on those IP and have your support
>>> reach out to them in a controlled way, or reply to any request via DNS
>>> with an internal host that has a web page explaining what is broken and how
>>> they can fix it, avoiding at least some of the calls to your helpdesk.
>>
>> Two words: "DNS Changer". What did we learn from that?
>
>My thoughts exactly. Some walled gardens set up in those instances.
>
>And don't blindly follow someone's advice without looking at impacts to your
>networks.
>
>CPE devices are just a huge cesspool. Any device that already doesn't let you
>change username 'admin' is off to a bad start. We have to get these supposedly
>'plug it in and never touch it' devices to be better at firmware upgrades.
>
>- merike
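The walled-garden resolver jim describes (answer every lookup with an internal host, log who asked) as an added example that is not from the thread: a minimal DNS A-record responder plus a per-source query counter, with a constructed sample query. The garden address 192.0.2.10 and the client counter are placeholders of my own; the two rogue resolver addresses are not given in the thread, so steering traffic for them to this responder is left to the operator.

```python
import struct
from collections import Counter

# Constructed placeholder for the internal host serving the "what broke" page (RFC 5737 range).
WALLED_GARDEN_IP = "192.0.2.10"

# Per-source query counter so support can reach out to affected customers in a controlled way.
clients_seen = Counter()

def build_query(name, qtype=1, txid=0x1234):
    """Construct a minimal DNS query; used here only as constructed sample input."""
    labels = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in name.rstrip(".").split("."))
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_question(pkt):
    """Return (qname, qtype, end_offset) of the first question; ValueError on malformed input."""
    if len(pkt) < 12 or struct.unpack(">H", pkt[4:6])[0] < 1:
        raise ValueError("short packet or no question section")
    off, labels = 12, []
    while True:
        if off >= len(pkt):
            raise ValueError("truncated name")
        n = pkt[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not valid in a query's question name
            raise ValueError("unexpected compression pointer")
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(pkt):
        raise ValueError("truncated question")
    qtype = struct.unpack(">H", pkt[off:off + 2])[0]
    return ".".join(labels), qtype, off + 4

def walled_garden_response(pkt, src_ip, garden_ip=WALLED_GARDEN_IP, ttl=60):
    """Answer any A query with the garden address and record the querying source.
    Non-A queries get an empty NOERROR reply so the client keeps working but learns nothing else."""
    qname, qtype, qend = parse_question(pkt)
    clients_seen[src_ip] += 1
    question = pkt[12:qend]
    answers = b""
    if qtype == 1:
        # Name pointer to offset 12, type A, class IN, TTL, RDLENGTH 4, then the address
        answers = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in garden_ip.split("."))
    # Flags 0x8180: QR=1, RD=1, RA=1, RCODE=0; transaction id copied from the query
    header = pkt[0:2] + struct.pack(">HHHHH", 0x8180, 1, 1 if answers else 0, 0, 0)
    return header + question + answers
```

The short TTL keeps clients from caching the garden address long after their resolver settings are fixed.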