nanog mailing list archives

Re: 600,000 routers bricked


From: Tom Beecher <beecher () beecher cc>
Date: Mon, 3 Jun 2024 11:06:38 -0400


Lumen’s Black Lotus Labs detected the event; the post answers all of your
concerns.


The source document from Black Lotus details the behavior of the malware
used to brick the equipment. It does NOT make any statements or claims that
the targeted devices were being used in botnet activity, which is the
accusation made by Mr. Perens in his post.

On Mon, Jun 3, 2024 at 9:27 AM Howard, Lee <LeeHoward () hilcostreambank com>
wrote:

In the second paragraph, he cites his source:
https://blog.lumen.com/the-pumpkin-eclipse/



Lumen’s Black Lotus Labs detected the event; the post answers all of your
concerns. Further, they remark that this was an especially sophisticated
infection, that hid its tracks well.



Lee



*From:* NANOG <nanog-bounces+leehoward=hilcostreambank.com () nanog org> *On
Behalf Of *Tom Beecher
*Sent:* Sunday, June 2, 2024 4:23 PM
*To:* Dave Taht <dave.taht () gmail com>
*Cc:* NANOG <nanog () nanog org>
*Subject:* Re: 600,000 routers bricked






That post from Mr. Perens about this is honestly really shitty.



1. Is he right that Lumen has to shoulder blame for not keeping CPE
updated with exploit-free software? Certainly.

2. Making a claim that all 600k of these routers were being used as botnet
zombies without any supporting evidence is really poor form.

3. Even if we assert that 50% of these devices were exploited for botnet
activity, that means 50% WEREN'T. We shouldn't be applauding 300k
people/businesses that just had their internet connectivity yeeted away
from them through zero fault of their own.

4. "I've never heard of these router manufacturers" is exceptionally
ignorant. ActionTec has been around since the early 90s. Sagemcom wasn't
someone I've heard of before, but so what.



Yes, CPE provided by ISPs can be a problem. But applauding asshats who
bricked all this stuff as some noble event that should be "applauded" as he
says is really, really stupid. It's not going to meaningfully move the
needle with how ISPs handle this stuff, and all it did was inconvenience a
LOT of end users.



On Sun, Jun 2, 2024 at 4:04 PM Dave Taht <dave.taht () gmail com> wrote:






https://www.linkedin.com/pulse/600000-families-using-one-internet-provider-have-routers-bruce-perens-geedc/




--

https://www.youtube.com/watch?v=BVFWSyMp3xg&t=1098s Waves Podcast

Dave Täht CSO, LibreQos


