The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,854 other subscribers

Archive for the ‘IoT Internet of Things’ Category

Next Entries »

Rob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Posted by jpluimers on 2016/11/20

Conclusions:

  1. Always put your IoT devices behind a firewall
  2. Isolate each IoT device into it’s own “world” that can communicate as little with the rest of your networks as possible
  3. Preferably isolate each set of IoT devices that do need to communicate in their LoT (Lan of Things)
  4. Use Ad-Blockers

“1/x: So I bought a surveillance camera”: [WayBackRob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Interesting: [WayBackErrata Security: Configuring Raspberry Pi as a router

Via: [WayBackPlugging in a new IP webcam. 98 seconds. infected. Wow. https://twitter.com/E… – G+ Jan Wildeboer

Interesting: [WayBackErrata Security: Configuring Raspberry Pi as a router

Of course Rob tried many webcams to find a vulnerable one. And putting telnet port 23 to the open is not the best idea, but people do that or get an indirect infection by some piece of JavaScript from an Ad-Network that searches for local vulnerable devices. That’s how the internet works!

Since Twitter and other social media ten to show the non-interesting part of a stream, here is the full one (no time to edit out the superfluous stuff):

Read the rest of this entry »

Posted in IoT Internet of Things, Network-and-equipment, Power User, Security | Leave a Comment »

Kerlink IoT station page | LoRa | Semtech

Posted by jpluimers on 2016/11/07

This can be used for TheThingsNetwork.org.

Some downloads:

Attachments
File Last modified Size
Kerlink_gateway_channel_setup_v0.2.pdf 2015-05-18 17:20 838Kb
Kerlink_gateway_installation_R7.pdf 2015-08-13 14:32 805Kb
Python_gateway_spectrum_display.zip 2015-04-09 15:54 10Kb
kerlink_IoT_LoRa_update.zip 2015-08-13 14:27 63Kb
kerlink_IoT_LoRa_update_DHCP.zip 2015-08-13 14:27 64Kb

Source: Kerlink IoT station page | LoRa | Semtech

Posted in *nix, IoT Internet of Things, LoRa - Long Range wireless communications network, Network-and-equipment, Power User, Uncategorized | Leave a Comment »

I don’t have #IoT. I have #LoT. LAN of things. 

Posted by jpluimers on 2016/10/24

Interesting thought:

I don’t have #IoT. I have #LoT. LAN of things. My gadgets have no default gateway and cannot talk to the internet. Simple. Now I’m hoping for broad supp… – Jan Wildeboer – Google+

Devices in a separate LAN (or VLAN) with no default gateway and some firewall rules to access them from your regular LAN and update them through FWUPD an open source firmware update.

Sounds like a dream? We should all make it come true!

Read I don’t have #IoT. I have #LoT. LAN of things. for more ideas.

–jeroen

Posted in IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

The IoT strikes back again: half a million IoT devices killed DYN DNS for hours, but fixing this will be hard

Posted by jpluimers on 2016/10/22

Less than a month after The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week the IoT struck back again: an estimated half a million IoT devices was used to perform multiple DDoS attacks against Dyn Managed DNS that took around 11 hours to resolve.

Google DNS appears to

Google DNS appears to “live” near me in Amsterdam

High availability usually involves a mix of DNS TTL and/or BGP routing. That’s typically how CDN providers like Cloudflare work (it’s one of the reasons that global DNS servers like Google’s 8.8.8.8 appear near to you and over time routes – some MPLS – to it change). Short DNS TTL can help CDN, requires a very stable DNS infrastructure and is similar to but different fromFast Flux network.

Last months attacks were on a security researcher and a single ISP. The Dyn DNS attack affected even more internet services (not just sites like Twitter, WhatsApp, AirBnB and Github). So I’m with Bruce Schneier that Someone Is Learning How to Take Down the Internet.

Handling these attacks is hard as the DDoS mitigation firms simply cannot handle the sudden increase of attack sizes yet. BCP38 should be part of mitigation, but the puzzle is big and fixing it won’t be easy though root-causes of bugs change as a lot of research is in progress.

I’m not alone in expecting it to get worse though before getting better.

On the client side, I learned that many users could cope by changing their DNS servers to either of these Public DNS Servers:

  • OpenDNS 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222
    • OpenDNS does a good job of handing “last known good” IPs when they can’t resolve.
  • Google Public DNS 8.8.8.8, 8.8.4.4
  • Level 3 DNS 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6

Some more interesting tidbits on the progress and mitigation on this particular attack are the over time heat-maps of affected regions and BGP routing changes below.

Read the rest of this entry »

Posted in CDN (Content Delivery Network), Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, IoT Internet of Things, Network-and-equipment, Opinions, Power User | Leave a Comment »

The IoT strikes back: 650 Gigabit/second and 1 Terabit/second attacks by IoT devices within a week

Posted by jpluimers on 2016/09/30

Many people – me included – complain about the sadness of IoT device security.

It seems the hackers found out it’s time to take advantage of that as within a week both these attacks by IoT devices took place:

The first already suspected IoT devices, the latter confirmed it were ~ 150-thousand hijacked cameras and DVRs [WayBack] performing the attack.

Or in short:

The IoT strikes back

Few parties can cope with this kind of traffic (Akamai had to stop their pro bono servicing of Krebs on Security; it took a few days and a lot of effort for Google’s Project Shield to take over).

So I’ve a few questions for anyone running IoT devices:

  1. How secure are your IoT devices?
  2. Have you confined them to a network that’s easily filtered/shut-down in case of emergency?

Edit 20161004:

–jeroen

Source: Da ist einiges neu an dem Fall: 1) Ein bisher unbekanntes Botnetz. a) Das neue…

Posted in IoT Internet of Things, Network-and-equipment, Power User | 1 Comment »

Jark/FTDISample: Note: As of version 10556.0 the ftdi driver does no longer seem to work. A sample application showcasing the FTDI D2XX driver use in Windows Universal projects (UWP). This sample is tested on the Raspberry PI 2 with Windows IOT installed and a FTDI FT232R usb-to-serial adapter.

Posted by jpluimers on 2016/09/22

Source: Jark/FTDISample: Note: As of version 10556.0 the ftdi driver does no longer seem to work. A sample application showcasing the FTDI D2XX driver use in Windows Universal projects (UWP). This sample is tested on the Raspberry PI 2 with Windows IOT installed and a FTDI FT232R usb-to-serial adapter.

Yeah, I couldn’t get this working either. I’m not sure where ReadTimeout is actually used by the SerialDevice class internally. But I did end up getting something working by copying the timeout to a

Source: c# – Unable to use SerialDevice.ReadTimeout in Windows 10 IoT – Stack Overflow

Source: Raspberry Pi • View topic – Windows 10 IoT Core Simple Serial Example not working

Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Software Development | Leave a Comment »

From the #alleskaputt -Dept: Hotel, Internet of Shit Switches, Predictable IP… boom!

Posted by jpluimers on 2016/04/01

From the #alleskaputt -Dept: Hotel, Internet of Shit Switches, Predictable IP Addresses (== Room Number) and no security. Right. – Kristian Köhntopp – Google+

referring to: mjg59 | I stayed in a hotel with Android lightswitches and it was just as bad as you’d imagine

And then I noticed something. My room number is 714. The IP address I was communicating with was 172.16.207.14. They wouldn’t, would they?

Then you get this:

Read the rest of this entry »

Posted in #alleskaputt, Development, IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

Next Entries »