Home » Gadgets » DDoS: 30,000 Telnet Accesses Published for IoT Devices

DDoS: 30,000 Telnet Accesses Published for IoT Devices

Monday, August 28th, 2017 | Gadgets

On Pastebin a list has been published with numerous uncertain accesses for Internet-of-Things devices. According to Ars Technica, the document has been circulating for a long time in research circles, now it is also open to the public. Last year, unsafe IoT devices were used to launch large-scale DDoS attacks against a number of popular Internet services, including the failure of Dyna's DNS service, including Amazon AWS and Netflix.
The document contains 8,232 unique IP addresses, with a total of 30,000 entries. As new devices have been added after internet-wide scans, there are some duplicates. For some IP addresses, however, there are several devices with different combinations of username and password. The security researcher Troy Hunt told Ars Technica that the published data were in principle nothing new but "make a well-known, bad situation even worse". Anyone who connects unsafe IoT devices to the network can be infected with malware after just a few minutes.

Some 1,800 devices still online
Around 1,800 of the listed devices are still online and accessible, as Victor Gevers from the Dutch GDI Foundation Ars Technica said. The passwords were changed only after the release. Most of the devices still use standard passwords, the most common is "admin" with 4,621 mentions, "123456" appears 698 times. With 782 devices a login with the user name "root" is possible without a password, the popular combination "admin: admin" comes 634 times.

It is not always the fault of unsafe devices configured with the users: many devices simply do not allow a change of the unsafe passwords, which is usually not apparent before the purchase. To tackle unsafe IoT devices, there is the controversial Bricker-Bot project. This searches for devices with standard logins and makes the devices in the long term unusable. The first botnet of surveillance cameras was discovered in 2015.

Related

PCI-Sig: PCIe-Express 5.0 comes 2019

The PCI-Sig has expressed its opinion on the future of PCI Express: PCIe

Chicago sued Trump government for immigr

In the dispute over the immigration policy of US President Donald Trump, the

Formula 1 tire Spa 2017: Red Bull goes r

03 August 2017 – 15:14 Red Bull and McLaren have taken a risky

Sinead O'connor U2

Sinead O'connor U2 Sinead O'connor U2 Vlogs dio – holy diver This feature