[193642] in North American Network Operators' Group

Re: IoT security

daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Thu Feb 9 12:04:45 2017

X-Original-To: nanog@nanog.org
Date: Thu, 9 Feb 2017 12:04:40 -0500
From: Rich Kulawiec <rsk@gsp.org>
To: nanog@nanog.org
In-Reply-To: <CAOZq8-j2X0TWEaKkO7q8YuAZ+p7hxNmmKCD6=TwnTEwh2RY0Cg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:
> The devices are trivially compromised (just log in with the default root
> password).  So here's a modest proposal: log in as root and brick the
> device.

No.  It's never a good idea to respond to abuse with abuse.  Not only
is it unethical and probably illegal (IANAL, this is not legal advice)
but it won't take more than a day for someone to figure out that this
is happening and use some variety of misdirection to cause third parties
to target devices that aren't actually part of the problem.

---rsk
