Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] The Mirai botnet



On Mon,Oct 31 09:45:PM, Rich Braun wrote:
> 
> What's got me curious about all the mainstream-media hype about the Mirai
> botnet is--where are those 300,000 devices installed, what brands of products
> are they, were they compromised remotely or did they get infected before they
> left the (physical) factory, and what can we/the router vendors/the Linux
> community do to prevent such attacks from being successful in the future?
> 
> 
> -rich

UPnP is not your friend, indeed. It's a bit of a surprise to hear
some vendors have it "on" by default, but with IoT for everyone,
yup :)

A very zealous vendor could find a way to sell you a device that
will get web access w/o you ever thinking it will.

One way I could think of blocking this is by keeping a MAC
binding in dhcpd.conf (each device has to be manually added,
otherwise it's the 169. block for them.)

I guess that's (one reason) why the NSA has the "trusted vendor
program". IIRC, there has to be at least n number of fabs on US
soil, no matter how financially unviable.

http://www.dmea.osd.mil/trustedic.html
"Trusted - Is the confidence in one's ability to secure national
security systems by assessing the integrity of the people and
processes used to design, generate, manufacture and distribute
national security critical components (i.e. microelectronics)."


--
Guy Gold
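
The MAC binding described in the message above, sketched as an ISC dhcpd configuration (an added example, not part of the original post; the subnet, host names and MAC addresses are constructed placeholders). Devices without a host declaration get no lease and fall back to a 169.254.0.0/16 link-local address; this only governs DHCP clients, so it does not constrain a device configured with a static address.

```conf
# /etc/dhcp/dhcpd.conf -- constructed example, all values are placeholders
authoritative;
default-lease-time 3600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.1;

    pool {
        range 192.168.10.100 192.168.10.150;
        # Default behaviour is "allow unknown-clients;", which hands a
        # lease to any device that asks. With the line below, only
        # clients that have a host declaration are served from this pool.
        deny unknown-clients;
    }
}

# Known device, dynamic address from the pool above.
host laptop {
    hardware ethernet 02:00:00:00:00:01;
}

# Known device pinned to one address outside the dynamic range, which
# makes per-device firewall rules on the router practical.
host thermostat {
    hardware ethernet 02:00:00:00:00:02;
    fixed-address 192.168.10.20;
}
```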




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.



