Hello everyone!
As you have more or less heard, over the past few days almost every news outlet carried the story of a major internet outage that resulted in a practically complete collapse on the East Coast of the USA. Now, I at least was not satisfied with the information I read, so I did some digging, and I will pass on what I found out. Of course, this is already stale news, but because of other obligations I did not get to write sooner (with 2 little monsters in the house, free time practically does not exist).
Now, the key question: what really happened when everything stopped? Simply put, nothing special. Nothing ingenious. A perfectly ordinary DDoS attack. So now you ask yourself: "If it was nothing special, how did the internet stop for half of America? If it had happened in Serbia, fine, but America...?"
Well, there are two key terms in the whole story:
- IoT
- Mirai Bot-Net
IoT is short for "Internet of Things". So, besides the conventional devices strolling around the internet, there are also "things". These things include all "smart" devices, from cameras and DVRs to refrigerators and maybe even irons. So everything that is not a PC, phone, tablet or router but has a connection to the net falls under the aforementioned "things", because in the end, by its purpose, it is a household item: a thing.
The Mirai botnet is, as the name itself says, a network of bots/devices over which control has been partially or fully taken, and which are then used for remotely directed attacks. You can rent such services on the dark web. Unlike standard botnets, Mirai had one ingenious idea behind it. Instead of targeting computers, servers and the like, it went after the IoT devices mentioned above. The logic found in the code, which was publicly released by Anna-Senpai, cycled through the following user/pass combinations
- root xc3511
- root vizxv
- root admin
- admin admin
- root 888888
- root xmhdipc
- root default
- root juantech
- root 123456
- root 54321
- support support
- root (none)
- admin password
- root root
- root 12345
- user user
- admin (none)
- root pass
- admin admin1234
- root 1111
- admin smcadmin
- admin 1111
- root 666666
- root password
- root 1234
- root klv123
- Administrator admin
- service service
- supervisor supervisor
- guest guest
- guest 12345
- guest 12345
- admin1 password
- administrator 1234
- 666666 666666
- 888888 888888
- ubnt ubnt
- root klv1234
- root Zte521
- root hi3518
- root jvbzd
- root anko
- root zlxx.
- root 7ujMko0vizxv
- root 7ujMko0admin
- root system
- root ikwb
- root dreambox
- root user
- root realtek
- root 00000000
- admin 1111111
- admin 1234
- admin 12345
- admin 54321
- admin 123456
- admin 7ujMko0admin
- admin 1234
- admin pass
- admin meinsm
- tech tech
- mother f**er [censored]
and wherever one worked, it took control. To summarize, there were no lengthy break-in attempts; simply, wherever the default user/pass combos had been left in place, that device was "enrolled" in the botnet (access over telnet, SSH or HTTP/S taken over, and these services disabled for the device's owner). So what was so spectacular about it? Obviously, the number of devices. Some estimates by renowned world analysts are that during 2016 the number of IoT devices will reach 6.4 billion. So, God help us all.
Whom Mirai gave a wide berth:
- 127.0.0.0/8 - Loopback
- 0.0.0.0/8 - Invalid address space
- 3.0.0.0/8 - General Electric (GE)
- 15.0.0.0/7 - Hewlett-Packard (HP)
- 56.0.0.0/8 - US Postal Service
- 10.0.0.0/8 - Internal network
- 192.168.0.0/16 - Internal network
- 172.16.0.0/14 - Internal network
- 100.64.0.0/10 - IANA NAT reserved
- 169.254.0.0/16 - IANA NAT reserved
- 198.18.0.0/15 - IANA Special use
- 224.*.*.*+ - Multicast
- 6.0.0.0/7 - Department of Defense
- 11.0.0.0/8 - Department of Defense
- 21.0.0.0/8 - Department of Defense
- 22.0.0.0/8 - Department of Defense
- 26.0.0.0/8 - Department of Defense
- 28.0.0.0/7 - Department of Defense
- 30.0.0.0/8 - Department of Defense
- 33.0.0.0/8 - Department of Defense
- 55.0.0.0/8 - Department of Defense
- 214.0.0.0/7 - Department of Defense
In a nutshell, what matters is not the quality of the attack but the quantity, which is, after all, the original idea of DDoS. Steer clear of everyone who might wonder what you are scanning….
How did this happen? Well, all these "smart" devices run some version of a crippled Linux. Crippled = insecure? No! Default user/pass = insecure.
Question: "How did nobody recognize this in time and stop it?" Well, there is one more sweet little detail: the attack was built so that the traffic irresistibly resembles GRE tunneling. So the standard mechanisms (read: Dyn's NOC, the human factor) failed a little here, because somewhere, at some point, someone should have found it strange that 620 Gbps of GRE traffic was being established toward their own AS.
Next question: "Who came up with this?" By all appearances, our Russian brothers, because in certain parts of the code the words пользователь ("user") and пароль ("password") appear. Or maybe not? That next to code that is entirely in English, 2 words would remain because they forgot to mask/translate exactly these? The chances of something like that are as follows: diverting attention from the real authors of the code, or a warning to the Americans from the Batyushkas. Either way, I would rather not go into conspiracy theories.
What now? Since the code is publicly available, you can expect an explosion of "hackers", mostly 12-to-16-year-olds who, with a little knowledge, will modify the code and carry out small/local attacks. And there is another side. Some professional shady characters will modify this in some completely unexpected way, and the internet will stop again. When? Nobody can know.
How to protect yourself? Change the default users and passwords on everything you have exposed to the internet. At least that, so that I don't drone on about firewalls and access lists.
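The default-pair dictionary behaviour described above can be spotted on the defender's side. The following is an added example, not code from the post or from Mirai: it scans login-attempt logs for a source that tries several of the listed pairs in a short window, and for any listed pair that was actually accepted. The log line format, the thresholds and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the default pairs listed in the post.
DEFAULT_PAIRS = {tuple(p.split("/")) for p in (
    "root/xc3511 root/vizxv root/admin admin/admin root/888888 root/default "
    "root/juantech root/123456 support/support admin/password root/root "
    "ubnt/ubnt root/Zte521 root/hi3518 guest/guest admin/smcadmin").split()}

# Constructed honeypot-style line format (an assumption, not a real product's):
# <ISO time> login_failed|login_ok src=<ip> user=<name> pass=<password>
LINE_RE = re.compile(r"^(?P<ts>\S+) login_(?P<res>failed|ok) src=(?P<src>\S+) "
                     r"user=(?P<user>\S*) pass=(?P<pw>\S*)$")

def analyze(lines, min_pairs=3, window=timedelta(seconds=60)):
    """Return (runs, default_logins) for an iterable of log lines."""
    attempts = defaultdict(list)          # src -> [(time, (user, pw))]
    default_logins = []                   # (src, user) where a listed pair worked
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or (m["user"], m["pw"]) not in DEFAULT_PAIRS:
            continue                      # unparsable, or not a listed pair
        attempts[m["src"]].append(
            (datetime.fromisoformat(m["ts"]), (m["user"], m["pw"])))
        if m["res"] == "ok":              # device still has factory credentials
            default_logins.append((m["src"], m["user"]))
    runs = {}                             # src -> listed pairs tried in one window
    for src, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):    # sliding window over this source
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {pair for _, pair in events[start:end + 1]}
            if len(distinct) >= min_pairs:
                runs[src] = sorted(distinct)
                break
    return runs, default_logins

# Constructed sample input: documentation address ranges, invented times.
SAMPLE_LOG = """\
2016-11-01T11:10:01 login_failed src=203.0.113.7 user=root pass=xc3511
2016-11-01T11:10:03 login_failed src=203.0.113.7 user=root pass=vizxv
2016-11-01T11:10:04 login_failed src=203.0.113.7 user=admin pass=admin
2016-11-01T11:10:06 login_ok src=203.0.113.7 user=root pass=juantech
2016-11-01T11:12:00 login_failed src=198.51.100.20 user=admin pass=admin
2016-11-01T11:30:00 login_failed src=192.0.2.55 user=root pass=root
2016-11-01T12:45:00 login_failed src=192.0.2.55 user=root pass=admin
2016-11-01T14:00:00 login_failed src=192.0.2.55 user=guest pass=guest
""".splitlines()

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Only the first source is reported as a dictionary run; a single default-pair attempt, or three spread over hours, stays below the threshold, while the accepted `root` login is the finding that calls for an immediate password change.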
In parallel with this, I noticed on my router at home that one dynamic list (which normally holds 200-300 addresses) now magically has 7500+ addresses. If you are interested in which devices are most often "possessed", here are a few addresses from my router:
- 77.222.159.128
- https://blountgis.net/blountgis/ IP 204.63.176.131
- 188.214.209.85
- 212.156.219.193
Feel free to hit these addresses with a browser, only the loading is very slow because these devices are still pushing a lot of traffic.
What to expect? I can only say: "Bashlight"
Greetings,
Sorry for trolling this thread, but it is the most recent one, so maybe you will answer quickly. I have a home Plex server set up on a computer that is connected to a Tenda WiFi router on Telekom's ZTE H168N. Everything works great, the smart TV with the Plex app, tablets, phones, really excellent. However, when I try to set up remote access, no chance, even if I do a port forward… maybe I am not doing it properly, so please explain to me how to pull this off, given that I am about to go to Germany to live. There I would of course use the server from here on the smart TV.. sorry, and thanks in advance.
Regards, Aca
You have double NAT. You have to forward the ports on both the ZTE and the Tenda.
If you have VDSL, then you are probably behind TRIPLE NAT 🙂