Having spent the last few months systematically scanning ~700k of these hosts, I'm thinking the following could be considered:

As an ISP, scan your customers' netrange, and notify customers with known vulnerable devices. With regard to the current Mirai threat, there's only a handful of devices that are of the most critical importance. I.e., the biggest fraction of the infected host pie.

Maybe someday I'll get around to parsing my database and auto-emailing the abuse emails of the affected netranges. That was my intention... but dayjob got in the way.

This breaks down, however, when you look at the geographic distribution of infected devices. Most are in Asian countries, so there would need to be more cooperation among network operators there.

On Wed, Feb 8, 2017 at 6:03 PM, Carl Byington <carl@five-ten-sg.com> wrote:
On Wed, 2017-02-08 at 08:30 -0800, Damian Menscher wrote:
So here's a modest proposal: log in as root and brick the device.
I strongly suspect that when the problem gets bad *enough*, someone will do exactly that. Yes, it is illegal in many places. Since when has the fact that any particular act is illegal been sufficient to deter *everyone*?
People still drive while drunk.