http://arstechnica.com/security/2014/03/hackers-hijack-30-plus-wireless-routers-make-malicious-changes/
Is there any valid reason not to black hole those /32s on the back bone?
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth j...@baylink.com wrote:
http://arstechnica.com/security/2014/03/hackers-hijack-30-plus-wireless-routers-make-malicious-changes/
Is there any valid reason not to black hole those /32s on the back bone?
The telltale sign a router has been
On Tue, Mar 4, 2014 at 5:46 AM, fmm vo...@fakmoymozg.ru wrote:
On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth j...@baylink.com wrote:
http://arstechnica.com/security/2014/03/hackers-hijack-30-plus-wireless-routers-make-malicious-changes/
Is there any valid reason not to black hole
Andrew Latham wrote:
On Tue, Mar 4, 2014 at 5:46 AM, fmm vo...@fakmoymozg.ru wrote:
On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth j...@baylink.com wrote:
http://arstechnica.com/security/2014/03/hackers-hijack-30-plus-wireless-routers-make-malicious-changes/
Is there any valid reason
Why want to swing such a big hammer. Even blocking those 2 IP's will
isolate your users, and fill your support queue's.
Set up a DNS server locally to reply to those IP's Your customers stay up
and running and blissfully unaware.
Log the IP's hitting your DNS servers on those IP and have your
On Tue, Mar 4, 2014 at 7:27 AM, Davide Davini diotona...@gmail.com wrote:
Andrew Latham wrote:
On Tue, Mar 4, 2014 at 5:46 AM, fmm vo...@fakmoymozg.ru wrote:
On Tue, 04 Mar 2014 09:00:18 +0100, Jay Ashworth j...@baylink.com wrote:
On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
Why want to swing such a big hammer. Even blocking those 2 IP's will
isolate your users, and fill your support queue's.
Set up a DNS server locally to reply to those IP's Your customers stay up
and running and blissfully unaware.
Log
- Original Message -
From: Andrew Latham lath...@gmail.com
you wanted to say blackhole those 5.45.72.0/22 and 5.45.76.0/22,
Jay is right, it is just the /32s at the moment... Dropping the /22s
could cause other sites to be blocked.
inetnum: 5.45.72.0 - 5.45.75.255
netname:
- Original Message -
From: jim deleskie deles...@gmail.com
Why swing such a big hammer. Even blocking those 2 IP's will
isolate your users, and fill your support queue's.
Set up a DNS server locally to reply to those IP's Your customers stay up
and running and blissfully unaware.
On 03/04/2014 05:28 AM, jim deleskie wrote:
Why want to swing such a big hammer. Even blocking those 2 IP's will
isolate your users, and fill your support queue's.
When the malicious DNS services get shutdown you will still have your
support queue's filled, anyway.
Doing it now will let you
Sent: 04/03/2014 18:09
To: jim deleskiemailto:deles...@gmail.com; Andrew
Lathammailto:lath...@gmail.com
Cc: nanog@nanog.orgmailto:nanog@nanog.org
Subject: Re: Hackers hijack 300, 000-plus wireless routers, make malicious
changes | Ars Technica
On 03/04/2014 05:28 AM, jim deleskie wrote:
Why
On Tue, Mar 4, 2014 at 12:33 PM, Ian McDonald i...@st-andrews.ac.uk wrote:
Until the average user's cpe is only permitted to use the resolvers one
has provided as the provider (or otherwise decided are OK), this is going
to be a game of whackamole.
No. That is still just treating symptoms,
On Mar 4, 2014, at 6:54 AM, valdis.kletni...@vt.edu wrote:
On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said:
Why want to swing such a big hammer. Even blocking those 2 IP's will
isolate your users, and fill your support queue's.
Set up a DNS server locally to reply to those IP's
I don¹t know that they have a lot of motivation to support ³legacy² access
points. The home brew guys tend to magically ³find² ways to install
software on these POS CPE AP/Router combos, which I don¹t think is a
coincidence. The linksys types of the world want to sell more routers, not
make
On 3/4/14, 11:52 AM, Merike Kaeo k...@merike.com wrote:
CPE devices are just a huge cesspool. Any device that already
doesn't let you change username 'admin' is off to a bad start. We
have to get these supposedly 'plug it in and never touch it'
devices to be better at firmware upgrades.
*
On 04/03/14 10:33, Ian McDonald wrote:
Until the average user's cpe is only permitted to use the resolvers one
has provided as the provider (or otherwise decided are OK), this is
going to be a game of whackamole. So long as there's an 'I have a clue'
opt out, it appears to be the way forward
16 matches
Mail list logo