nanog mailing list archives
Re: 600,000 routers bricked
From: Matt Erculiani <merculiani () gmail com>
Date: Mon, 3 Jun 2024 11:40:31 -0600
It's important to note though that if you quietly (or even publicly) patch 600k devices to fix a bug, nobody cares. Plus, doing so is still a crime: it's 600k instances of accessing a computer system without permission. It's also far, FAR easier to write a stream of 0s to the bootloader than it is to decompile and debug bad firmware.

Now if you brick the 600k devices, it gets attention. I'm NOT saying this is the appropriate or morally righteous thing to do, but like any other form of protest, the point is not to solve a single instance of a problem, it's to draw attention to the wider systemic issue: some ISPs not patching or life-cycling their CPEs.

Depriving access to the Internet (and potentially 911) to 600k households is still wrong, no matter the intent.

-Matt

On Mon, Jun 3, 2024 at 11:10 AM Matthew Petach <mpetach () netflight com> wrote:
I'm sorry, but if you have the wherewithal to commandeer 600,000 devices well enough to permanently brick them, you have the wherewithal to commandeer them and load a patched version of software on them closing up the vulnerability.

If there's no fixed version of software available for the platform, then you cannot fault the ISP for not patching the devices.

If there IS a fixed version of the software available, this person should have used the botnet c2 to distribute and apply the fixed firmware, thus solving the problem while not killing connectivity for innocent end users.

The decision to take destructive action is indefensible. The right choice should have been to update the devices with patched software if it was available, and if it wasn't, to leave them alone and instead focus on trying to develop a fixed version of software.

Now, if they were simply inept, and were trying to load fixed software onto the devices but failed to test their process adequately first, then at least their heart was in the right place, even if their understanding of how to do large-scale firmware upgrades safely wasn't. But that's certainly not what that article would lead us to suspect was the intended outcome.

Matt

On Sun, Jun 2, 2024, 16:47 Dave Taht <dave.taht () gmail com> wrote:

https://www.linkedin.com/pulse/600000-families-using-one-internet-provider-have-routers-bruce-perens-geedc/

--
https://www.youtube.com/watch?v=BVFWSyMp3xg&t=1098s Waves Podcast
Dave Täht CSO, LibreQos
-- Matt Erculiani
