IANA Security Expert, but simple advice from Krebs:<p>>Anyone looking for an easy way to tell whether any of network ports may be open and listening for incoming external connections could do worse than to run Steve Gibson‘s “Shields Up” UPnP exposure test.<p><a href="https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/#more-36566" rel="nofollow">https://krebsonsecurity.com/2016/10/who-makes-the-iot-things...</a><p>Another thing to remember... ALL IoT devices have admin credentials; it's just a matter of whether or not they can be connected to, whether the credentials are compromised, and whether the device is susceptible to brute force.
The main take-aways are: 1) Use a firewall between your Internet connection and your IoT devices, and 2) disable UPnP support on your firewall.<p>It's disturbing how many devices enable telnet and/or ssh by default, make it difficult or impossible for a user to actually change the default password, and subvert firewalls using P2P protocols. At the end of the day, to secure your network you really do need to run nmap regularly against your subnet checking for devices with open ports, and tcpdump between your gateway and your devices, monitoring what connections they are actually making.<p>For ordinary users, the situation is truly hopeless. They are pwned by default if they buy into IoT.
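The nmap-plus-tcpdump routine described in the comment above, as an added example that is not part of the original thread: it parses constructed `nmap -oG` (greppable) output for a home subnet to flag devices listening on telnet/ssh/SSDP, then parses constructed `tcpdump -n` SYN lines to list which LAN devices open connections to external hosts, and finally cross-references the two to spot a device that both listens on telnet and is itself scanning outward on port 23 (the Mirai propagation pattern). The port list in `RISKY_PORTS` and the LAN range are assumptions chosen for the example; the sample scan and capture lines are fabricated for illustration, not real data.

```python
"""Flag IoT devices with risky listeners and watch their outbound connections.

Added example, not code from the thread. Inputs below are constructed samples in
the format of `nmap -sS -sU -oG - 192.168.1.0/24` and
`tcpdump -n 'tcp[tcpflags] & tcp-syn != 0'` run between gateway and devices.
"""
import ipaddress
import re
from collections import defaultdict

# Assumption for the example: services a consumer IoT device has no business
# exposing (telnet/ssh as the comment notes, plus SSDP/UPnP discovery).
RISKY_PORTS = {22: "ssh", 23: "telnet", 2323: "telnet-alt", 1900: "upnp-ssdp"}

# Constructed nmap greppable output: one "Status" line and one "Ports" line per host.
SAMPLE_NMAP = """\
# Nmap 7.40 scan initiated (constructed sample)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 1900/open/udp//upnp///\tIgnored State: closed (997)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 554/open/tcp//rtsp///\tIgnored State: closed (997)
Host: 192.168.1.21 ()\tStatus: Up
Host: 192.168.1.21 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 192.168.1.30 ()\tStatus: Up
Host: 192.168.1.30 ()\tPorts: 443/open/tcp//https///\tIgnored State: filtered (999)
# Nmap done
"""

# Constructed tcpdump -n output restricted to SYN packets ([S] only; [S.] is a SYN-ACK).
SAMPLE_TCPDUMP = """\
10:00:01.000001 IP 192.168.1.20.49152 > 203.0.113.10.23: Flags [S], seq 1, win 5840, length 0
10:00:01.000002 IP 192.168.1.20.49153 > 198.51.100.7.443: Flags [S], seq 2, win 5840, length 0
10:00:01.000003 IP 192.168.1.30.50000 > 192.168.1.1.80: Flags [S], seq 3, win 64240, length 0
10:00:01.000004 IP 192.168.1.21.50100 > 198.51.100.7.443: Flags [S], seq 4, win 64240, length 0
10:00:02.000005 IP 203.0.113.10.23 > 192.168.1.20.49152: Flags [S.], seq 9, ack 2, win 5840, length 0
"""

# nmap -oG port entry: port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")
SYN_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\],")


def parse_nmap_grepable(text):
    """Return {host: [(port, proto, service), ...]} containing open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        entries = hosts.setdefault(host, [])
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, _owner, service, _rpc, _ver = m.groups()
            if state == "open":
                entries.append((int(port), proto, service))
    return hosts


def risky_listeners(hosts):
    """Return {host: [(port, service)]} restricted to ports in RISKY_PORTS."""
    out = {}
    for host, ports in hosts.items():
        hits = sorted((p, svc) for p, _proto, svc in ports if p in RISKY_PORTS)
        if hits:
            out[host] = hits
    return out


def outbound_connections(text, lan="192.168.1.0/24"):
    """Map each LAN device to the set of (external_ip, dst_port) it sent SYNs to."""
    net = ipaddress.ip_network(lan)
    conns = defaultdict(set)
    for line in text.splitlines():
        m = SYN_RE.search(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        # Keep only LAN -> non-LAN; replies and LAN-internal traffic are ignored.
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net:
            conns[src].add((dst, int(dport)))
    return dict(conns)


def telnet_scanners(listeners, conns):
    """Devices that expose telnet AND initiate connections to telnet ports on the Internet."""
    telnet = {23, 2323}
    return sorted(
        host for host, hits in listeners.items()
        if any(p in telnet for p, _ in hits)
        and any(dport in telnet for _, dport in conns.get(host, ()))
    )


if __name__ == "__main__":
    listeners = risky_listeners(parse_nmap_grepable(SAMPLE_NMAP))
    conns = outbound_connections(SAMPLE_TCPDUMP)
    for host in sorted(set(listeners) | set(conns), key=ipaddress.ip_address):
        print(host, "listens:", listeners.get(host, []), "talks to:", sorted(conns.get(host, [])))
    print("likely infected (telnet open + scanning out on 23):", telnet_scanners(listeners, conns))
```

Run the real thing by piping `nmap -sS -sU -p 22,23,2323,1900 -oG - 192.168.1.0/24` and a `tcpdump -n -l` capture into the two parsers instead of the constructed strings; a device that appears in the last line is worth pulling off the network before reading its manual.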
For those interested, a couple of weeks ago I did a source code review and write-up: "Mirai (DDoS) Source Code Review"<p><a href="https://medium.com/@cjbarker/mirai-ddos-source-code-review-57269c4a68f#.nm45chqa5" rel="nofollow">https://medium.com/@cjbarker/mirai-ddos-source-code-review-5...</a>
>Level 3 Threat Research Labs will continue to identify and track developments in these botnets<p>but not take any action against the actual source of the traffic: the ASes that host bots with static IPs.<p>>We will also work with hosting providers and domain registrars to block traffic to these C2s<p>but again not do anything to close the source of the problem.
L3 admits they have a list of ~500K static IPs with bots behind them, but they aren't blocking or reporting those. Why? Because traffic is traffic and they are in the business of selling pipes?
How bad are Ubiquiti devices, and the state of security and firmware updates for them? I was thinking about switching to a Ubiquiti AmpliFi home router from TP-Link partly out of concern for this, and was hoping that their firmware and security updates would be a little more on-point. But one of their routers is on this list...
How many remember the Smurf Attack: <a href="https://en.wikipedia.org/wiki/Smurf_attack" rel="nofollow">https://en.wikipedia.org/wiki/Smurf_attack</a>?<p>I remember claims that this type of attack was fixed forever. But physics doesn't change... Easily.