Reply to post: home routers a better line of attack

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?


home routers a better line of attack

For many ISPs these are supplied or at least recommended devices, so pressure can be applied on a relatively small number of organisations (compared to I-Things) to produce a new firmware for them with an enhancement to their firewall / UPnP policy rules... something along the lines of:

Detect the OS of a newly connected device - nmap OS scan.

If Windows, default to outbound allow. That caters for the non-technical majority who (rightly) expect their Windows machines to automatically work.

If Linux or any embedded relation, default to outbound deny.

If you are running Linux at home as an endpoint, you have clue, so you know how to go into your router and add the rules you need to use it.

If it's an embedded IoThingy then it will ask the router to open ports...

At this point the router puts an HTTP capture on the browsing sessions from any Windows endpoint, redirecting them to the router admin page, saying that the IoThingy asked for access, do you want to approve it? There should also then be a pre-canned rulebase to allow access to the various manufacturers' sites so the Thing can do its Thingness without having full internet access. With a lookup of the Thing's MAC address as well, the vendor can be resolved and a rule list suggested.
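
The policy proposed in the comment above, sketched as an added example (it is not part of the original comment and not taken from any router firmware). All names are hypothetical, the OUI prefix and vendor hosts are constructed placeholders, and treating unrecognised OS families as deny is an assumption:

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: placeholder OUI prefix and vendor hosts, not real assignments.
OUI_VENDORS = {"F00D00": "ExampleCam"}
VENDOR_RULES = {"ExampleCam": ["updates.examplecam.example:443",
                               "api.examplecam.example:443"]}

@dataclass
class Decision:
    outbound: str                    # default outbound policy: "allow" or "deny"
    needs_approval: bool             # True -> show the approval page to the user
    vendor: Optional[str] = None     # vendor resolved from the MAC, if any
    suggested_rules: list = field(default_factory=list)

def normalise_mac(mac: str) -> str:
    """Return 12 upper-case hex digits, accepting ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()

def vendor_for(mac: str) -> Optional[str]:
    """Resolve the vendor from the OUI, or None if it is unknown or unusable."""
    digits = normalise_mac(mac)
    # Locally administered bit set (randomised/private MACs): the first three
    # octets are not a vendor OUI, so no rule list can be suggested from them.
    if int(digits[:2], 16) & 0x02:
        return None
    return OUI_VENDORS.get(digits[:6])

def decide(os_family: str, mac: str, port_request: bool = False) -> Decision:
    """os_family is the OS-scan result; port_request means the device asked
    the router to open ports (e.g. via UPnP)."""
    if os_family.strip().lower() == "windows":
        return Decision("allow", False)
    # Linux and embedded default to deny. Treating unrecognised OS families
    # the same way is an assumption of this sketch.
    vendor = vendor_for(mac)         # also rejects malformed MACs
    if not port_request:
        return Decision("deny", False, vendor)
    # Stay denied until the user approves; offer the vendor's pre-canned rules.
    return Decision("deny", True, vendor, list(VENDOR_RULES.get(vendor, [])))
```

A device with a randomised MAC still triggers the approval page, but with an empty suggestion list, so the user has to add rules by hand.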
