Thus spake Patrick W. Gilmore (patrick@ianai.net) on Sun, Sep 25, 2016 at 05:57:42PM -0400:
On Sep 25, 2016, at 5:50 PM, ryan landry <ryan.landry@gmail.com> wrote:
On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews <marka@isc.org> wrote:
This is such a golden opportunity for each of you to find compromised hosts on your network or your customer's network. The number of genuine lookups of the blog vs the number of botted machines would make it almost certain that anything directed at the blog is a compromised machine. A phone call to the customer / further analysis would reduce the false positive rate.
Mark
i wish you luck with that. explaining to grandma that her samsung smart tv has been rooted and needs to be updated should be good fun.
for isp's it's a resourcing vs revenue problem. always has been. always will be. far more inclined to hold liable the folks that are churning out terribly dangerous cpe / IoT(shit). surely some regulatory body is looking into this.
Yeah, 'cause that was so successful in the past.
Remember University of Wisconsin vs. D-Link and their hard-coded NTP server address?
Interestingly, this was just recently looked at again for the Internet of Things Software Update Workshop (IoTSU). See: http://pages.cs.wisc.edu/~plonka/iotsu/IoTSU_2016_paper_25.pdf

3,564 devices still remain.

best,
Dale