DDoS Of Things -
Steve Kinney
admin at pilobilus.net
Wed Sep 28 10:43:16 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/28/2016 01:31 PM, Sean Lynch wrote:
> On Tue, Sep 27, 2016 at 8:50 PM, Steve Kinney <admin at pilobilus.net
> <mailto:admin at pilobilus.net>> wrote:
> "Physical access is game over" so it may turn out that whoever owns
> the most Things wins after all.
>
>
> Ownership of Things is not permanent, though. Maintaining a botnet
> is a neverending battle.
I need to understand Things better. It makes sense to me that one can
buy or borrow a Thing, disassemble it in the hardware then the
firmware sense, and options for taking over that whole family or
series of Things should present themselves - hard coded back doors for
vendor configuration updates or etc. should be quite common. What I
don't understand is how one would go about identifying the right
addresses to send bogus vendor patches or other exploit code to,
without access to the vendor's own database of incoming pings from
Things. MITM the vendor's connection and collect them as they pass?
Send connection requests to Things at whole IP address ranges and see
who answers?
:o/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJX7AE0AAoJEECU6c5XzmuqxzgIANLdBECxP1KAvJPcm6sJXMgu
3rf9Da9lJ8sdBJAssINYXXpbpv8gtqx1RC/A8t7cQHoyR2gHBKQ1dHvWcN9aVHTQ
ezVWwJpqJxW0m3o7NucEdzJTOkiGbFJ85dNFjMEW/k+6CzpJ2B+oKlfHIhV569P+
5cM2eTVnRV/PLwNmR9LZaffS2y4smWlNuUPq537XAb4/B5oa77Gt46DNlHlHtQNe
XFlrIcVj5T2rs6o+WBjwzS5F0q1mJX20k2Y9B1XJbSPZbzv4L3ASTlYd7Y7JLH5S
qTvsTi8ALZSmRAdn1HnSOoQvl9RCgUjXwHtFj90+a9IyuX6E8bnr63fE0xs1Jjg=
=qi85
-----END PGP SIGNATURE-----
More information about the cypherpunks
mailing list