DOS attacks to DNS servers in the US

[KMatle]

I've read that a big amount of IoT devices (and others) were hacked and were part of the recent DDoS attacks.http://thehackernews.com/2016/10/dyn-dns-ddos.html

What do you think about the security of IoT devices in the future?

 

[Mark Turney]

The devices that will be an issue going forward will be the hard coded ones ... termed incurable. That bodes well for B4x in that we can code (and patch) custom devices as vulnerabilities appear.

 

[Widget]

Does anyone fine it odd that these massive attacks occurred just days after ICANN took over DNS responsibilities?

 

[LWGShane]

Does anyone fine it odd that these massive attacks occurred just days after ICANN took over DNS responsibilities?

Also this:

- Oct 16: Wikileaks releases 3 of Hillary's Wall St Speeches.
- Oct 21: Massive DDoS Attack preventing people from accessing websites and social media. (Social media is what people use to share emails/info from Wikileaks.)

Too close to call this an "attack". This was an attempt at "shutting down" the Internet. I urge everyone to obtain IPs of their favorite websites, this way when the next DDoS event happens (It WILL happen. It's only a matter of time), you'll still be able to visit them. You can use Site24x7 to find the IP.

b4x.com: 67.227.218.133

All the DNS system does is allow human-readable domains to "point" to IP addresses. So, for example, "b4x.com/android/forum" is actually "67.227.218.133/android/forum"

 

[Erel]

All the DNS system does is allow human-readable domains to "point" to IP addresses. So, for example, "b4x.com/android/forum" is actually "67.227.218.133/android/forum"

You will however see a security message as the SSL certificate is tied to the host name.

 

[Beja]

You will however see a security message as the SSL certificate is tied to the host name.

Erel
After that security warning I clicked on "Advanced" then on procede anyway and was able to open b4x.
Is that hazardous?

 

[Erel]

Is that hazardous?

Not at all.

 

[Widget]

The devices that will be an issue going forward will be the hard coded ones ... termed incurable. That bodes well for B4x in that we can code (and patch) custom devices as vulnerabilities appear.

That may be fine if you have 2 or 3 devices that are hacked, but we are taking about tens of millions of devices supposedly hacked at the same time. How are you going to update them when the DNS is down?

The solution is to harden the software (as much as possible) so it can't happen in the first place.

1) If you have 20 million apps out there with a B4A app controlling a camera or some other IoT device, how do you prevent it from happening to you?
2) Do you issue 20 million SSL certificates, one for each device when the device is sold?
3) How to you prevent your app from being hacked?
4) If you don't hard code your SSL certificate in the app, where do you put it? How do you secure it?

It would be great if someone could sell/distribute 20 million B4A apps, but not so great if they wake up the next morning to discover it was hacked to take down the Internet. ROFL

 

[sorex]

I urge everyone to obtain IPs of their favorite websites, this way when the next DDoS event happens (It WILL happen. It's only a matter of time), you'll still be able to visit them.

this was the case in the 90s with dedicated hosting

today with shared hosting, virtualization technologies etc a lot of sites are bound to 1 IP address and they route based on hostname in the http headers.
Entering the ip address will lead to a dead end in most cases.

one thing that might work is adding the website's domain name to your host file with the correct IP.

I use google's 8.8.8.8 DNS and my own provider's DNS as backup.

if one fails the other might still give what I need.