{"id":2031,"date":"2016-09-26T10:29:16","date_gmt":"2016-09-26T09:29:16","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2031"},"modified":"2016-09-26T10:43:45","modified_gmt":"2016-09-26T09:43:45","slug":"krebs-attacked-iot-devices-blamed-and-mud-could-help","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2031","title":{"rendered":"Krebs attacked: IoT devices blamed, and MUD could help"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-26\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"Cybercrime\" width=\"96\" height=\"132\" \/>It&#8217;s rare that hackers give you a gift, but last week that\u2019s exactly what happened.\u00a0 Brian Krebs is one of the foremost security experts in the industry, and his well-known web site <a href=\"https:\/\/krebsonsecurity.com\">krebsonsecurity.com<\/a> was <a href=\"https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/\">brought down<\/a> due to a distributed denial of service (DDoS) attack.\u00a0 Attackers made use of what is said to be the largest botnet ever to attack <a href=\"http:\/\/www.akamai.com\">Akamai<\/a>, Krebs\u2019 content service provider.<\/p>\n<p>Why would one consider this a gift?\u00a0 First of all, nobody was hurt.\u00a0 This attack took down a web site that is not critical to anyone\u2019s survival, not even Krebs\u2019, and the web site was rehomed and back online in a very short period of time.<\/p>\n<p>Second, the attackers revealed at least some of their capabilities by lighting up the network of hacked devices for researchers to examine and eventually take down.\u00a0 One aspect of this attack is the use of \u201cIoT\u201d devices, or non-general purpose computers that are used to control some other function.\u00a0 According to Krebs, the attacks made use of thermostats, web cameras, digital video recorders (DVRs) and, yes, 
Internet routers.\u00a0 The attacks themselves created an HTTP connection to the web site, retrieved a page, and closed.\u00a0 That\u2019s a resource-intensive attack from the defense standpoint.<\/p>\n<p>Let\u2019s ask this question: why would any of <a href=\"https:\/\/www.ofcourseimright.com\/?p=1859\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-2036\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/mud-300x200.jpg\" alt=\"Mudpit\" width=\"183\" height=\"122\" srcset=\"https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/mud-300x200.jpg 300w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/mud-768x512.jpg 768w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/mud-1024x683.jpg 1024w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/mud-1200x800.jpg 1200w\" sizes=\"auto, (max-width: 183px) 85vw, 183px\" \/><\/a>those systems normally talk to anything other than a small number of cloud services that are intended to support them?\u00a0 This is what <a href=\"https:\/\/www.ofcourseimright.com\/?p=1859\">Manufacturer Usage Descriptions<\/a> (MUD) is meant to defend against.\u00a0 MUD works by providing a formal language and mechanism for manufacturers to specify which systems a device is designed to connect with.\u00a0 The converse, therefore, is that the network can prevent the device from both being attacked and attacking others.\u00a0 The key to all of this is manufacturers and their willingness to describe these devices.\u00a0 The evolving technical details of MUD can be found in an <a href=\"https:\/\/datatracker.ietf.org\/doc\/draft-ietf-opsawg-mud\/\">Internet Draft<\/a>, and you can create a test MUD file against that draft by using <a href=\"https:\/\/www.ofcourseimright.com\/mudmaker\/\">MUD File Maker<\/a>.\u00a0 I\u2019ll go into more detail about MUD File Maker in a later post.<\/p>\n<p>Would MUD eliminate all attacks?\u00a0 No, 
but MUD adds an additional helpful layer of protection that manufacturers and networks should use.<\/p>\n<p>This time it was a blog that was taken down.\u00a0 We are in a position to reduce attacks the next time, when they may be more serious.\u00a0 That\u2019s the gift hackers gave us this time.\u00a0 Now we just need to act.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s rare that hackers give you a gift, but last week that\u2019s exactly what happened.\u00a0 Brian Krebs is one of the foremost security experts in the industry, and his well-known web site krebsonsecurity.com was brought down due to a distributed denial of service (DDoS) attack.\u00a0 Attackers made use of what is said to be &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=2031\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Krebs attacked: IoT devices blamed, and MUD could help&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,536,9],"tags":[32,362,537,414,518],"class_list":["post-2031","post","type-post","status-publish","format-standard","hentry","category-internet","category-mud","category-security","tag-cybercrime","tag-cybersecurity","tag-ddos","tag-hack","tag-mud"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2031"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseim
right.com\/index.php?rest_route=\/wp\/v2\/posts\/2031\/revisions"}],"predecessor-version":[{"id":2040,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2031\/revisions\/2040"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}