Last week’s DDoS attack on Dyn shut down portions of the internet. A DDos attack is a distributed denial of service attack. Dyn is a major DNS provider. The attack was created by a botnet that took control of a bunch of different connected cameras that still had the default passwords in use. In order to understand how to protect yourself, you need to check for vulnerabilities in your connected devices. And to do that, you need to understand what a DDos attack is and what DNS is first.
What’s a DDoS attack?
At the most basic level a distributed denial of service attack works like this. An attacker sends an onslaught of packets – essentially just garbage data – to an intended recipient. In the case of the most recent attack, the recipient was Dyn’s DNS servers. The server is overwhelmed by the garbage packets, can’t handle any new incoming connections, and eventually slows down significantly or crashes entirely. What’s new about this particular attack is that it’s now possible for an attack by a group of hijacked insecure network devices. The group of hijacked insecure network devices become a DDoS army that can work together to bring down a website.
DNS stands for Domain Name Servers. These are the internet’s equivalent of a phone book. Domain Name Servers maintain a directory of domain names and translate them to IP addresses. Without DNS, we would have to remember the IP addresses for websites instead of their easy to remember names. Google’s IP address is 220.127.116.11 but most IP addresses are far harder to remember.
Why Should I Check For Vulnerabilities in Connected Devices?
Since last week’s DDoS attack was created by a botnet that took control of a bunch of different connected cameras with default passwords, it’s important to run a scan on your own network to make sure you don’t have any devices that are essentially open and accessible to an internet hijacking. To scan if you have such devices on your network, Bullguard Security created IoT Scanner. Go to the site, click the scan button, and IoT Scanner will look for open ports on your network.
If IoT Scanner comes back saying that your network can be breached, that means some device that’s connected to your Wi-Fi network has an open port that makes it accessible from the internet. This could be on purpose if you’re running a server or have some other device that you can access from outside your home network. If you’re not doing that and IoT Scanner says your network can be breached, then it’s a good idea to contact your IT professional and see which device has that open port.
Like most tools, take the results with a grain of salt and use this as a starting point to really secure your network.