Comment by helsinkiandrew

8 hours ago

> by exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries,

Presumably it’s possible to log the residential IP of the source of these packets.

Why isn’t there any industry group pushing for the ISPs to a) send the owners an email telling them, or b) block off all traffic for a period to get them to do something - or is the economic cost higher than that caused by the DDoS attacks?

This already happens in the Netherlands: your router will be put in quarantine mode and you have to prove that the "virus" is gone.

This happened to me. At the time I thought it was strange, but seeing this event happen, it makes a lot more sense now.

  • What percentage of the population would have any idea how to do this? How long does it take to go through the process? Is your work, education, and safety just put on pause during this phase?

The economic costs of that fall on the (residential) ISPs and they aren't really incurring very much cost in additional bandwidth from the outgoing attacks. In most cases it will be 0. It's not 'good', as it could affect quality to a certain extent for other subscribers and it's theoretically possible it could result in a slightly higher transit bill, but ultimately it's just not really a problem for them.

Setting up the infrastructure to email customers and tell them they've got an infected device is just going to cause the subscriber to: A) call customer support and tie up an agent who can't really tell them much - you're also going to have to train all your CS agents on these letters and what they mean; B) complain on faceybook / churn off your network; or C) ignore it.

About one in a million will fix the issue themselves.

  • This is why we need an external rogue actor to send those notification emails without ISP consent.

Some of these devices are controlled by the ISP. The TMobile 5G routers for example are pretty much black box devices controlled by TMobile. The home owner can't fix the device and has very limited access (via a mobile app) to 'manage' the device.

  • I don't think there's a strong overlap between ISP-controlled black boxes and compromised botnet nodes. However, if there is, that just means that the ISPs should be partially held liable.

Hmm, is there a haveibeenpwned for IP addresses found in botnets? Perhaps correlated with the time of known incidents.

I would like to know if I'm serving a rogue machine and haven't been paying attention.

That industry group would need to include the big cloud providers, and they also don't want to shut off abusive traffic.

Because then the ISPs have to provide support on how to secure those devices.

  • I will say most of the time the ISPs themselves provide the routers at residential homes

    • Sure, but if they now go out and say "do this and that to secure them", a big portion of the users will have support issues. They don't understand the instructions, they pressed the wrong button, they entered the wrong value; all sorts of things could go wrong, and the ISP has to dedicate resources to fixing it while they don't gain anything in return.


This has always been the elephant in the room. imho, US intelligence doesn't want this, so congress won't do it. Intelligence controls or buys these botnets when they need them, so regulation here is always impossible to push, but in other countries it is more common.