Re: Vulnerability of IoT devices in Mauritius

From: Martin <martin_at_navacelle.net>
Date: Sun, 23 Oct 2016 09:00:26 +0400



Great jobOn Oct 23, 2016 7:44 AM, S Moonesamy <sm+mu_at_elandsys.com> wrote:


>


> Hi Ajay, 


> At 10:51 22-10-2016, Ajay R Ramjatan wrote: 


> >A preliminary analysis indicates the botnet behind the DDoS is 


> >fueled partly by vulnerable IoT (Internet of things) devices, such 


> >as routers, DVRs. I have been asking myself how many such vulnerable 


> >devices are operating in Mauritius and whether any of them have been 


> >participants in this DDoS. 


>


> At least a few devices in Mauritius are infected by Mirai.  I don't 


> know whether those devices were used in yesterday's DDoS. 


>


> >In the field of my profession, I have been asked to configure port 


> >forwarding so my clients can access their DVR devices inside their 


> >premises from an external location, which I did. Security experts 


> >have been warning the community at large about the threat that 


> >poorly engineered IoT devices can pose and the recent DDoS attacks 


> >only confirm that those warnings are to be taken seriously. 


>


> The local approach to (computer) security is unsafe.  The regional 


> approach is not better ( 


> https://lists.afrinic.net/pipermail/rpd/2015/004615.html ). 


>


> >Those botnets are made possible by inadequate processes from 


> >manufacturers, misconfiguration from resellers/installers and 


> >sometimes poor practices from end-users. I believe there should be a 


> >Mauritian campaign to raise awareness about the risks that 


> >poorly-deployed IoT devices pose and stop them from being used as 


> >attack vectors. It would reflect poorly on Mauritius if the island 


> >is present in some analysis of the source of future DDoS attacks. 


>


> The island is already listed as a source for "attacks".  People on 


> the island are not concerned by those types of "attacks" as the only 


> personal or business "tech" usage is Facebook. 


>


> I noticed http://www.elandsys.com/~sm/test.png a few months ago but I 


> did not mention it as nobody in Mauritius would be interested.  I 


> agree that there should be a local campaign to raise awareness about 


> poorly deployed IoT devices.  It is difficult to talk about that in 


> Mauritius as people do not like hearing about problems and because 


> there isn't any public information to explain the problem. 


>


> Regards, 


> S. Moonesamy 


>


>


Received on Sun Oct 23 2016 - 05:01:06 PST














This archive was generated by hypermail 2.3.0
: Sun Oct 23 2016 - 05:09:01 PST