DDoS Of Things -

Sean Lynch seanl at literati.org
Wed Sep 28 10:31:15 PDT 2016


On Tue, Sep 27, 2016 at 8:50 PM, Steve Kinney <admin at pilobilus.net> wrote:

>
>
> On 09/27/2016 11:21 PM, grarpamp wrote:
> > On Sun, Sep 25, 2016 at 3:46 AM, Mirimir <mirimir at riseup.net> wrote:
> >> Yes, it's for sure a hard problem. Any entity resourceful enough to
> >> withstand Tbps DDoS is likely a huge privacy risk :(
> >>
> >> On the other hand, Krebs has been totally asking for it, for years ;)
> >> He's been going after major cybercriminals, who perhaps have major
> >> connections with global TLAs. And he's often been a jerk about it.
> >> Hugely self-righteous, and humorless. So meh ;)
> >
> > He's already been swatted, manure mailed for lols, etc.
> > Though being AP'd by the cybers is probably unlikely.
>
> Meanwhile the Big DDoS has apparently been mitigated by Akamai or
> somebody.
>

It was mitigated by Google's Project Shield. The Internet is starting to
feel a lot more like feudalism, where you have to swear fealty to some lord
or get overrun by barbarian hordes. Or, I guess, the way all governments
want us to feel about the world. "Bad guys" like this are a government's
best friend. Or a megacorp's.


> What bothers me is not this particular instance, but the proof of
> concept it represents, in a world where everything from refrigerators to
> night lights phones home.  Things present a very diffuse and low-reward
> attack surface individually, but as reflectors they provide a potential
> solar-furnace-like effect in the hands of a sophisticated attacker.
>

But the fact that they blew their wad early on a low-value target like
Krebs means that the issue will get attention. Of course, if the cost to
any given end user or their ISP is small enough, perhaps it won't be enough.


> "Physical access is game over" so it may turn out that whoever owns the
> most Things wins after all.
>

Ownership of Things is not permanent, though. Maintaining a botnet is a
neverending battle.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2793 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20160928/c37ff44e/attachment.txt>


More information about the cypherpunks mailing list