GPN17:From Mirai to Apple: Unterschied zwischen den Versionen
(Fahrplanbot tut Dinge) |
K (Fahrplanbot tut Dinge) |
||
Zeile 1: | Zeile 1: | ||
Ein Vortrag von Puck auf der [[GPN17]]. | Ein Vortrag von Puck auf der [[GPN17]]. | ||
In my talk I will show how the Mirai bot net abused a common implementation flaw in many IoT devices, which opens home firewalls to the internet. This allows anyone looking to find those devices using tools as simple as Shodan.io . | |||
While reading about the Mirai botnet I was confronted with a simple and yet profound question: How the hell could this even work? Shouldn't there be firewalls built into every router to prevent such an attack? And (almost) no one who buys an IoT device knows how to manually open the ports on their routers. So how could Millions of these things become a botnet? | While reading about the Mirai botnet I was confronted with a simple and yet profound question: How the hell could this even work? Shouldn't there be firewalls built into every router to prevent such an attack? And (almost) no one who buys an IoT device knows how to manually open the ports on their routers. So how could Millions of these things become a botnet? |
Version vom 14. Mai 2017, 22:55 Uhr
Ein Vortrag von Puck auf der GPN17.
In my talk I will show how the Mirai bot net abused a common implementation flaw in many IoT devices, which opens home firewalls to the internet. This allows anyone looking to find those devices using tools as simple as Shodan.io .
While reading about the Mirai botnet I was confronted with a simple and yet profound question: How the hell could this even work? Shouldn't there be firewalls built into every router to prevent such an attack? And (almost) no one who buys an IoT device knows how to manually open the ports on their routers. So how could Millions of these things become a botnet?
This question send me on a scavenger hunt searching for a way to find the smartest device in my home network. A multi-function printer.
To get my answers I had to look into how UPnP ,and Apples alternative Bonjour, work.
Links
Fahrplan |
Hauptseite | Feedback | FAQ
2³² Stars In The Sky Abschlussrunde mit Vorstellung FreifunkBW::Camp Alice explodiert! Begrüßung und Einleitung Bondage-Workshop BorgBackup Treffen Build yourself a SNMP replacement Building a Photobooth Closing und Review Combining the Intertubes using Multipath TCP Critical Mass CyberMorning Show Cybern Demoshow Die manpages.debian.org-Modernisierung Digitalisierte Stromnetze und Smart Meter in Deutschland Einführung Infotresen Einführung in Onshape Einführung in die Chaosvermittlung Electronic GeekBag Esoterische Programmiersprachen FreeBSD: The Power to Serve a Community Freifunk Interconnectivity Freifunk-Admin-Talkrunde From Mirai to Apple Guerilla Stricken Gulasch Karaoke Gulaschausgabe HTTP Security Header Hack the Badge - Preisverleihung Hackertours Haecksenfryhstyck How to fly to the Moon How we bodged the Badge Improving the Web of Trust with GNOME Keysign Introduction to Automated Binary Analysis Jonglier-Workshop Lightning Talks Lossless Data Compression Mammut statt Vogel Mate Making DIY McFly McFly Menstruation Matters Mitgliederverwaltung für Erfas My Little Pony - Videoanalyse ist Magie Network Flow Analysis using Netflow protocols and tflow2 Neues ECAD-Programm horizon OWASP TOP 10 OWASP Top 10 Privacy Risks Project PGP Keysigning Panik überall Pixel-Art Workshop Playing Studio Sets Live with Ableton Podcasten QR-Codes SHA2017 Orga Meet @ GPN17 Salt-Orchestrated Software Defined Freifunk Backbone im Hochstift Smarthome mit ioBroker Sysadmin Nightmares The Elektr0nic Window Towards a more secure operating system without sacrificing usability Vertrauen ist gut, Kontrolle ist besser. Virtual Reality mit Freier Software WCW 2017 Livestream Webserversecurity 101 Werwölfe von Düsterwald What to hack Wie kommt eigentlich das Internet von Hamburg nach Stuttgart? ZFS replication with zrepl ffbw.de Workshop git-dit gokrazy: ein Go userland für Raspberry Pi 3 appliances hacking galaxy S8 iris recognition small modifications and embodied connectivity the dark side of the wifi Æ-DIR Installation Workshop