How IoT is Breaking The Internet

Intelligent DNS & Traffic Management

November 16th, 2016

Carl Levine | Senior Technical Evangelist

Upload: carl-j-levine

Post on 12-Feb-2017


TRANSCRIPT


INTRODUCTION.

Precision control over Internet Traffic

At NS1, we push the boundaries of DNS and traffic management to improve application performance and deliver an exceptional user experience.

We’re engineers and we love automation and seamless integrations in our stack. We’ve built NS1 for engineers who are building applications at scale, where automation is critical.

Eat, Breathe, Sleep DNS

Senior Technical Evangelist at NS1

New Hampshire native (1 wife, 3 dogs, 2 cats, umpteen chickens)

@stuffcarlsays on Twitter

CONTEXT.

What is the Internet of Things?

Everyday things in our lives are becoming instrumented with technology to allow us to connect and interact with them in ways never imagined before.

Peace of mind, convenience, energy savings, and countless other advantages are gained by connecting everyday things to the Internet, leveraging a wider pool of data to ultimately improve our quality of life.

By 2020, it’s estimated that there will be 20 billion IoT devices in the wild.

What is the Domain Name System?

At the core of today’s Internet is a hierarchical database that maps names to IP addresses – this is the Domain Name System.

[Diagram labels: example.com, Recursive Server, Root Server, .com TLD Server, Authoritative Server]

What is a Denial Of Service Attack?

Cyber attack where a connected resource is temporarily or indefinitely made unavailable.

Typically executed by sending superfluous queries to a specific resource in an effort to inhibit normal operation.

[Diagram labels: Bandwidth Provider, Data Center, Legitimate Traffic, Superfluous Traffic]

How does a DDoS affect DNS resolution?

When a DDoS is hatched against an authoritative DNS provider, the outcomes can be far more devastating to a greater number of users.

The ability to return pertinent information about a domain is compromised, and users are left with either inordinate amounts of latency or worse, no resolution at all.

[Diagram labels: example.com, Recursive Server, Root Server, .com TLD Server, Authoritative Server, "DDoS!!!"]

What is a botnet?

A botnet is a network of remotely controlled clients, armed with a malicious software package that serves to initiate and fuel distributed denial of service attacks.

IN PRACTICE.

How do DDoS attacks take advantage of IoT?

As we explored earlier, everyday things in our lives are getting instrumented with connectivity.

If all of these devices were to become compromised and act like a botnet… what could happen?

This is no longer a question of if, because it has happened not once or twice, but thrice in recent times.

How do DDoS attacks take advantage of IoT?

The Mirai malware that was installed on unprotected IoT devices has hatched several small-scale attacks and three major events in recent history.

[Diagram labels: Bandwidth Provider, Data Center, Legitimate Traffic]

Mirai Round 1.

Amplification attack against krebsonsecurity.com’s infrastructure.

Began around 8pm Eastern, September 20th

Website was unavailable

.62 TB/sec

Mirai Round 1.

.62 TB/sec x 31,000

Mirai Round 2.

Amplification attack against OVH Telekom – German ISP

Multiple simultaneous attacks exceeding 100 Gbps, together amounting to a 1 Tbps DDoS attack.

~1TB/sec

$ dig cpsc.gov ANY

Mirai Round 2.

~1TB/sec x 50,000

Mirai Round 3.

Multi-factored attack against Dyn, Friday October 21, 2016 from approximately 11:10 UTC to 13:20 UTC and then again from 15:50 UTC until 17:00 UTC

Affected many major web properties with severe latency or unavailability

1.2 TB/sec

Mirai Round 3.

Impacted Dyn’s direct customers who leverage their authoritative DNS service.

Impacted users of services who leverage Dyn’s authoritative DNS service.

One of the biggest DDoS attacks in the history of the Internet

1.2 TB/sec

Mirai Round 3.

1.2 TB/sec x 60,000

What if these attacks were aimed at the root name servers?

Cascading DNS failures would run rampant.

Worst case scenario.

Thankfully, the root name server architecture is much more distributed, and there are measures in place to deal with this if it did come to pass.

What is the motivation behind these attacks?

PREVENTION.

What can I do to prevent this as an IoT user?

Change default passwords IMMEDIATELY

Use a home gateway device such as Cujo (getcujo.com)

What is the industry doing about this?

There’s no standards body managing IoT security

Discussions are ongoing among operators to find a common ground.

What can I do as an operator to mitigate risk?

Redundant DNS

Dual DNS

DDoS Mitigation
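An added example (not from the original slides) of auditing NS delegations for the single-provider dependence that the Dyn outage exposed, so an operator can see which zones lack redundant or dual DNS. The zones, name servers and provider names are constructed, and grouping name servers by the last two labels of the hostname plus an alias map is a simplifying assumption.

```python
from collections import defaultdict

def provider_key(ns_host, aliases=None):
    """Heuristic provider identity: last two labels of the NS hostname,
    mapped through an optional alias table (assumption: no multi-label
    public suffixes such as co.uk)."""
    labels = ns_host.rstrip(".").lower().split(".")
    domain = ".".join(labels[-2:])
    return (aliases or {}).get(domain, domain)

def audit_delegation(ns_hosts, aliases=None):
    """Group a zone's NS set by provider and classify its redundancy."""
    providers = defaultdict(list)
    for host in ns_hosts:
        providers[provider_key(host, aliases)].append(host.rstrip(".").lower())
    if not providers:
        status = "NO_NS"
    elif len(providers) == 1:
        status = "SINGLE_PROVIDER"
    else:
        status = "REDUNDANT"
    return {"status": status, "providers": dict(providers)}

def zones_at_risk(zones, degraded_provider, aliases=None):
    """Zones left with no authoritative answers if one provider is down."""
    at_risk = []
    for zone, ns_hosts in zones.items():
        providers = audit_delegation(ns_hosts, aliases)["providers"]
        if providers and all(p == degraded_provider for p in providers):
            at_risk.append(zone)
    return sorted(at_risk)

# Constructed data: one provider may publish name servers under several domains.
ALIASES = {
    "dns-a.example": "provider-a",
    "dns-a-alt.example": "provider-a",
    "dns-b.example": "provider-b",
}
SAMPLE_ZONES = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example."],
    "api.example": ["ns1.dns-a.example.", "NS1.dns-b.example"],
    "media.example": ["ns1.dns-a.example.", "ns1.dns-a-alt.example."],
}

if __name__ == "__main__":
    for zone, ns in SAMPLE_ZONES.items():
        print(zone, audit_delegation(ns, ALIASES)["status"])
    print("at risk:", zones_at_risk(SAMPLE_ZONES, "provider-a", ALIASES))
```

Without the alias map, media.example looks redundant because its two name servers sit under different domains, even though both belong to the same provider.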

CONCLUSION + Q&A.

Key takeaways for good citizens of the internet.

Remain hyper-vigilant around securing your devices

Look for redundancy at all layers of the stack

Share this knowledge with anyone and everyone

com@nsoneinc