Re: Vulnerability of IoT devices in Mauritius

From: Martin <martin_at_navacelle.net>
Date: Sun, 23 Oct 2016 09:00:26 +0400


Great jobOn Oct 23, 2016 7:44 AM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
>
> Hi Ajay,
> At 10:51 22-10-2016, Ajay R Ramjatan wrote:
> >A preliminary analysis indicates the botnet behind the DDoS is
> >fueled partly by vulnerable IoT (Internet of things) devices, such
> >as routers, DVRs. I have been asking myself how many such vulnerable
> >devices are operating in Mauritius and whether any of them have been
> >participants in this DDoS.
>
> At least a few devices in Mauritius are infected by Mirai.  I don't
> know whether those devices were used in yesterday's DDoS.
>
> >In the field of my profession, I have been asked to configure port
> >forwarding so my clients can access their DVR devices inside their
> >premises from an external location, which I did. Security experts
> >have been warning the community at large about the threat that
> >poorly engineered IoT devices can pose and the recent DDoS attacks
> >only confirm that those warnings are to be taken seriously.
>
> The local approach to (computer) security is unsafe.  The regional
> approach is not better (
> https://lists.afrinic.net/pipermail/rpd/2015/004615.html ).
>
> >Those botnets are made possible by inadequate processes from
> >manufacturers, misconfiguration from resellers/installers and
> >sometimes poor practices from end-users. I believe there should be a
> >Mauritian campaign to raise awareness about the risks that
> >poorly-deployed IoT devices pose and stop them from being used as
> >attack vectors. It would reflect poorly on Mauritius if the island
> >is present in some analysis of the source of future DDoS attacks.
>
> The island is already listed as a source for "attacks".  People on
> the island are not concerned by those types of "attacks" as the only
> personal or business "tech" usage is Facebook.
>
> I noticed http://www.elandsys.com/~sm/test.png a few months ago but I
> did not mention it as nobody in Mauritius would be interested.  I
> agree that there should be a local campaign to raise awareness about
> poorly deployed IoT devices.  It is difficult to talk about that in
> Mauritius as people do not like hearing about problems and because
> there isn't any public information to explain the problem.
>
> Regards,
> S. Moonesamy
>
>
Received on Sun Oct 23 2016 - 05:01:06 PST

This archive was generated by hypermail 2.3.0 : Sun Oct 23 2016 - 05:09:01 PST