Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

DOS attack via IOT - boundaries of internet?

  1. Oct 25, 2016 #1

    Stephen Tashi

    User Avatar
    Science Advisor

    The recent news about a denial-of-service attack (DOS) that came via the internet-of-things (IOT) https://www.cnet.com/how-to/ddos-iot-connected-devices-easily-hacked-internet-outage-webcam-dvr/ brings up the question: How are the boundaries between "the internet" and other forms digital wireless communication implemented? For example, I assume that my (cheap) indoor-outdoor digital thermometer uses some form of wireless digital communication that is not part of "the internet".

    We could imagine a science-fiction scenario where thousands of small physical devices are smuggled into a country and used to attack the internet via the IOT thus by-passing efforts to secure the web by securing legitimate consumer products that are on the IOT. Is that scenario based on a misunderstanding of how the boundaries of the "the internet" are implemented?
     
  2. jcsd
  3. Oct 25, 2016 #2

    Borg

    User Avatar
    Science Advisor
    Gold Member

    Thousands of IOT devices would be a drop in the bucket compared to the millions that are part of the drone network. Manufacturers need to stop allowing any form of default or weak passwords so that people won't be able to put unsecured devices on the internet.
     
  4. Oct 25, 2016 #3

    russ_watters

    User Avatar

    Staff: Mentor

    I'm not completely clear about the thrust of your question, but in order for a device to attack a website/service on the the internet, the device has to be connected to the internet. So I guess that's the "boundary" (though the word makes no sense to me in this context). Just bringing a bunch of devices into the country doesn't mean they can do anything if they aren't connected to the Internet.
     
  5. Oct 25, 2016 #4

    Stephen Tashi

    User Avatar
    Science Advisor

    My question amounts to: What capability must a device have in order to be "connected to the internet" ?
     
  6. Oct 25, 2016 #5

    russ_watters

    User Avatar

    Staff: Mentor

    Yeah, that seems like a pretty easy fix to me. Verizon's router/modem/switches, for example, have a unique/legitimate password pre-coded into the device and printed on a sticker on the side. To sell a router/modem/switch with a default "Admin" and "Password" account is just really stupid/lazy.
     
  7. Oct 25, 2016 #6

    russ_watters

    User Avatar

    Staff: Mentor

    A wire or wifi or cell phone transmitter/receiver and something to connect to that is connected to the internet and allows the connection.

    I'm maybe a bit confused about your level of knowledge here: what sort of device are you using to make these posts? A computer? A cell phone? Don't you know how they connect to the internet?
     
  8. Oct 25, 2016 #7

    Stephen Tashi

    User Avatar
    Science Advisor

    I agree, but what's an estimate for the number of devices that participated in the recent DOS attack ?
     
  9. Oct 25, 2016 #8

    Borg

    User Avatar
    Science Advisor
    Gold Member

    Hard to say but it was definitely in the millions given the amount of requests that were hammering the servers.
     
  10. Oct 25, 2016 #9

    Stephen Tashi

    User Avatar
    Science Advisor

    No, I don't know exactly.

    For example, I think there is an agreement among manufacturers of ethernet devices that gives each device a unique MAC address. But I don't know that there is any enforcement in the implementation of the internet that can detect if the MAC address that a device claims to have is one assigned by a legitimate manufacturer.
     
  11. Oct 25, 2016 #10

    russ_watters

    User Avatar

    Staff: Mentor

    Let's start very basic: What kind of device are you using to make these posts?
     
  12. Oct 25, 2016 #11

    Stephen Tashi

    User Avatar
    Science Advisor

  13. Oct 25, 2016 #12

    Stephen Tashi

    User Avatar
    Science Advisor

    No, Let's not start that basic !
     
  14. Oct 25, 2016 #13

    russ_watters

    User Avatar

    Staff: Mentor

    We're going to have to. Because you are saying things that imply you don't have even a basic understanding of what it means for a device to be connected to the internet.

    My parents had a similar problem that they seemed to get over (I'm not totally convinced though): after they stopped using AOL, they were confused by the fact that when they turned on their computer, they didn't have to start a separate program to "log on" to the internet. They didn't understand what happened when they turned on their computer to make it connect, nor the fact that their computer was always connected to the internet when on.
     
  15. Oct 25, 2016 #14

    Borg

    User Avatar
    Science Advisor
    Gold Member

  16. Oct 25, 2016 #15

    Stephen Tashi

    User Avatar
    Science Advisor

    What things have I said about "what it means for a device to be connected to the internet"? I've hardly said anything at all about it.
     
  17. Oct 25, 2016 #16

    russ_watters

    User Avatar

    Staff: Mentor

    Most of what you have said:
    -The thing about your wireless thermometer
    -The "science fiction scenario"
    -Bringing up MAC addresses (putting the cart before the horse and misunderstanding how the cart works).

    In my previous post, I mentioned my parents' issues on the subject. I suspect yours are the opposite (judging by the thermometer issue): you are young enough that you don't remember when the internet didn't exist and devices weren't automatically connected to it, so you have never had to deal with the issue of what it means and what the difference is between devices that are and aren't connected. And that's fine.

    Look, you started this thread asking for help, and now instead of helping me help you, you are arguing with me about how much help you need. So do you want help or not?
     
  18. Oct 25, 2016 #17

    Stephen Tashi

    User Avatar
    Science Advisor

    What "thing"? I said my cheap wireless thermometer does not communicate with the internet. Are you saying it does?

    Are you implying it is infeasible?
    What "cart" and what "horse" are you referring to?

    No, I don't need your help.
     
  19. Oct 25, 2016 #18

    russ_watters

    User Avatar

    Staff: Mentor

    Fair enough. good luck to you!

    Jeesh!
     
  20. Oct 25, 2016 #19
    I'm sure the instructions state to change this information. If the user does not, well..... I don't think you'll pass the (I hope, and wish there was one) computer literacy test before even buying a computer.

    With regards to the DDoS attack, how does one even stop it and get the servers back to working order?
     
  21. Oct 25, 2016 #20

    russ_watters

    User Avatar

    Staff: Mentor

    While I agree, this isn't just about the stupidity of one (or a million individual) computer users, it's about the societal cost of a design that should be impervious to that stupidity.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?
Draft saved Draft deleted



Similar Discussions: DOS attack via IOT - boundaries of internet?
  1. The internet (Replies: 18)

  2. INS and DoS (Replies: 3)

  3. Attack of the zergs! (Replies: 3)

  4. Bear Attack (Replies: 28)

Loading...