[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

Subject: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
From: iam at st-andrews.ac.uk (Ian McDonald)
Date: Tue, 4 Mar 2014 18:33:46 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <op.xb64biiundossr@localhost> <CA+qj4S9C+sukX9Z=dcKHw4D5zK77YKPUQo_eYaS3owb=a-5iAQ@mail.gmail.com> <CAJL_ZMNB0HmZn94t_SzcZrXUyLo-ZUxJN36w0m6XE7N_Gy8zyA@mail.gmail.com>, <[email protected]>

Until the average user's cpe is only permitted to use the resolvers one has provided as the provider (or otherwise decided are OK), this is going to be a game of whackamole. So long as there's an 'I have a clue' opt out, it appears to be the way forward to resolve this issue. Shutting down one set of 'bad resolvers' will simply cause a new set to be spawned, and a reinfection run round the still-unpatched cpe's of the world.

Thanks

--
ian

Sent from my phone, please excuse brevity and misspelling.
________________________________
From: Octavio Alvarez<mailto:alvarezp at alvarezp.ods.org>
Sent: ?04/?03/?2014 18:09
To: jim deleskie<mailto:deleskie at gmail.com>; Andrew Latham<mailto:lathama at gmail.com>
Cc: nanog at nanog.org<mailto:nanog at nanog.org>
Subject: Re: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

On 03/04/2014 05:28 AM, jim deleskie wrote:
> Why want to swing such a big hammer.  Even blocking those 2 IP's will
> isolate your users, and fill your support queue's.

When the malicious DNS services get shutdown you will still have your
support queue's filled, anyway.

Doing it now will let you identify those affected. Blockage doesn't have
to be all-or-nothing. It can be incremental, selective or all-or-nothing
on some time windows.

Better now than later.

Follow-Ups:
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: brandon.galbraith at gmail.com (Brandon Galbraith)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: mysidia at gmail.com (Jimmy Hess)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: alvarezp at alvarezp.ods.org (Octavio Alvarez)

References:
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: jra at baylink.com (Jay Ashworth)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: vovan at fakmoymozg.ru (fmm)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: lathama at gmail.com (Andrew Latham)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: deleskie at gmail.com (jim deleskie)
- Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
  - From: alvarezp at alvarezp.ods.org (Octavio Alvarez)

Prev by Date: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
Next by Date: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
Previous by thread: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
Next by thread: Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica
Index(es):
- Date
- Thread