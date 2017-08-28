

A Year After Mirai: DVR Torture Chamber Test Shows Two Minutes Between Exploits (sans.edu) 12

Posted by BeauHD from the mildy-disturbing dept.
UnderAttack writes: Over two days, the Internet Storm Center connected a default-configured DVR to the internet, and rebooted it every 5 minutes in order to allow as many bots as possible to infect it. They detected about one successful attack (using the correct password xc3511) every 2 minutes. Most of the attackers were well-known vulnerable devices. A year later, what used to be known as the "Mirai" botnet has branched out into many different variants. But it looks like much-hyped "destructive" variants like Brickerbot had little or no impact.

  • Honey pot? (Score:3)

    by 0100010001010011 ( 652467 ) on Monday August 28, 2017 @08:16PM (#55100541)

    Wouldn't it have just been simpler to create a honey pot that answered to the correct password?

    • Wouldn't it have just been simpler to create a honey pot that answered to the correct password?

      Malware authors are getting increasingly good at detecting honey pot environments. Using the real deal is a good call, IMHO.

  • PhD? (Score:3)

    by msauve ( 701917 ) on Monday August 28, 2017 @09:14PM (#55100789)
    DVR doesn't mean what he thinks it means. He's talking about IP cameras. He says it's an "Anrai" in one place, an "Anrain" in another, Google says it's probably an "Anran."

    He claims "Traffic from the DVR outbound was blocked by the firewall to prevent it from infecting other systems." But, of course, if that were true then the camera wouldn't be able to create a telnet session.

    This, from someone claiming to be "Ph.D., Dean of Research, SANS Technology Institute?" A quick search says "The SANS Technology Institute is regionally accredited by the Middle States Commission on Higher Education...", which is itself a DBA for a corporation created in 2013.

    OK, so they're the successor to ITT Tech, but without the reputation.

    • Re: (Score:2)

      by J053 ( 673094 )

      OK, the drawing accompanying the report could have used something other than a "camera" icon for the DVR under test, and yes, it was probably an "Anran" DVR. Having said that, Dr. Ullrich has a PhD in physics from SUNY Albany, and the SANS Institute has been a well-respected source of systems administration and network security education since the mid 90s, at least.

      I really don't understand why GP felt the need to throw shade on the producer of the report, rather than address the findings themselves, but wh

    • You're not familiar with SANS? I'd expect any sysadmin or sysadmin-wannabe would know of them...

  • I've held off getting any internet connected devices (besides computers of course) for a long time, but I did break down and get a receiver that is connected and gets firmware updates from time to time...

    I should really someday look for traffic coming from the thing but I've not bothered so far... the only condolence I have is hoping that it has limited throughput.

