How a rented botnet army of cameras and DVRs caused Internet chaos

  • Internet of Evil Things Attack: On October 21, an attack disrupted much of the Internet. Evidence points to multiple "botnets" of Internet-connected gadgets being responsible, with Mirai being a major contributor. Other systems not matching Mirai's signature were also involved.

    • Motivation: May have been blackmail, but Dyn denied a financial motivation. The attack could lead to more copycat attacks and victim payouts.
  • Previous Mirai Attacks: Mirai played a role in previous attacks, such as the extended DDoS attack on Brian Krebs' website and the large DDoS against OVH. It was the star of the attack on Dyn, controlling multiple bot groups.
  • During Dyn Attack: Some Mirai-infected devices were used to attack a gaming company's infrastructure, and it's not clear if the attacks on Dyn and the PlayStation Network were connected. Dyn is working with law enforcement to determine the root cause.
  • Mirai's Features:

    • Code Published: Its code was published on Hacker Forums, giving researchers insights but also making it easier for others to build botnets.
    • Simple C&C Structure: The C&C domain can change its address, allowing the botnet to be segmented and re-established easily.
    • Leverages Poor Security: It uses default usernames and passwords and exploits weak firewall configurations on Internet-connected devices.
  • Traffic Analysis: Level 3's Drew provided traffic records. There were two distinct attack waves, mostly SYN flood attacks and a "DNS Water Torture" attack. Eventually, the monitored server had connectivity issues.
  • The Future: More network providers will take measures to block Mirai traffic, but it will take years to properly protect vulnerable devices. Many are eager to try similar attacks, and some have claimed responsibility.
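
A "DNS Water Torture" attack floods a zone's authoritative servers with lookups for random, non-existent subdomains. The sketch below is an added example, not code from the article or from Dyn or Level 3, of how a defender might flag that pattern in resolver logs. The log format (`<client> <qname> <rcode>`), the thresholds and the two-label zone heuristic are assumptions, and the sample lines are constructed.

```python
import hashlib
from collections import defaultdict

def zone_of(qname):
    # Assumption: the zone is the last two labels (no public-suffix handling).
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def water_torture_suspects(lines, min_queries=20, min_unique=0.9, min_nxdomain=0.9):
    """Return zones whose query mix looks like a random-subdomain flood."""
    per_zone = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, rcode = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # apex queries carry no subdomain label
        per_zone[zone_of(qname)].append((client, labels[0], rcode))

    suspects = {}
    for zone, seen in per_zone.items():
        total = len(seen)
        if total < min_queries:
            continue  # too few queries to judge
        # Fraction of queries whose leftmost label was never repeated.
        unique = len({label for _, label, _ in seen}) / total
        # Fraction of queries answered with "no such name".
        nxdomain = sum(rcode == "NXDOMAIN" for _, _, rcode in seen) / total
        if unique >= min_unique and nxdomain >= min_nxdomain:
            suspects[zone] = {
                "queries": total,
                "unique": round(unique, 2),
                "nxdomain": round(nxdomain, 2),
                "clients": len({client for client, _, _ in seen}),
            }
    return suspects

# Constructed sample log (not real traffic): 40 random-label lookups against
# example.com, plus 40 ordinary lookups of a few example.org hosts.
SAMPLE = [f"192.0.2.{i % 50} {hashlib.sha256(str(i).encode()).hexdigest()[:12]}.example.com NXDOMAIN"
          for i in range(40)]
SAMPLE += [f"198.51.100.7 {host}.example.org NOERROR"
           for host in ["www", "mail", "api", "www"] * 10]

if __name__ == "__main__":
    print(water_torture_suspects(SAMPLE))
```

Ordinary traffic repeats a small set of hostnames and mostly resolves, so it fails both ratio checks; the thresholds would need tuning against a real baseline.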