Slashdot Mirror


Ask Slashdot: Is My IoT Device Part of a Botnet?

As our DVRs, cameras, and routers join the Internet of Things, long-time Slashdot reader galgon wonders if he's already been compromised: There have been a number of stories of IoT devices becoming part of botnets and being used in distributed denial of service attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?
I'm curious how many Slashdot readers are even using IoT devices -- so leave your best answers in the comments. How would you know if your IoT device is part of a botnet?

5 of 279 comments

  1. Easy or free, pick one by Anonymous Coward · · Score: 3, Interesting

    There are free tools you can use to monitor a network, but they might not be so easy for the average user. Just googling around, I found this solution that's designed to answer such questions, but note it costs money. I've never seen it in action. One would hope that you get something user-friendly at such a price.

    The other guy who said that if you can log in with "admin" as the userid and "password" as the password, or some other default login, that's spot-on. Botnet creators will probe for that, so at the very least change the userid and password before actually going live... or just do what I do and not have any IoT stuff.

  2. Re:Am A Noob Too by Bert64 · · Score: 4, Interesting

    Keep routers and access points separate, there's no need for them to be the same device...
    Get a low power Atom device to run something like pfSense, a cheap managed switch (the HP 1800 series are good and quiet), use any wireless AP as a dumb bridge so it doesn't need any routing capabilities.
    Create separate VLANs for guests and other untrusted devices, you can connect to devices here via the firewall but don't allow any outbound connections from the network containing these devices.
    Buy new wifi as/when (eg 802.11ac), add multiple access points to cover different areas if necessary (even in a small house, wifi doesn't travel well through floors) and link them together via ethernet. Use ethernet whenever possible, wifi is only for portable devices.
    You can also set up a VPN so you can connect to your stuff from outside, having authenticated using both a certificate and a user/pass. Far less chance of compromise than some unknown black box device from China.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
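
The rule in the comment above (no connections initiated from the untrusted VLAN) also gives a detection signal for the original question: a device there that keeps trying to connect out is worth inspecting. This is an added example, not part of the thread or any poster's code; the VLAN subnet, the four-column log layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed addressing plan (not from the thread): the untrusted/IoT VLAN.
IOT_VLAN = ipaddress.ip_network("192.168.30.0/24")

# Constructed sample: new-connection records as "time,src,dst,dst_port".
# The column layout is an assumption; map your firewall's log export onto it.
SAMPLE_LOG = """\
2016-10-30T09:00:01,192.168.10.5,192.168.30.20,554
2016-10-30T09:00:07,192.168.30.20,192.168.30.1,53
2016-10-30T09:01:12,192.168.30.21,198.51.100.7,23
2016-10-30T09:01:13,192.168.30.21,203.0.113.40,23
2016-10-30T09:01:13,192.168.30.21,203.0.113.41,2323
2016-10-30T09:02:00,192.168.30.22,192.0.2.10,123
2016-10-30T09:03:30,not-an-ip,203.0.113.9,80
"""

def outbound_from_iot(log_text, iot_net=IOT_VLAN):
    """Return {device_ip: {"dests": set, "ports": set, "count": int}} for
    connections started inside iot_net toward any address outside it."""
    report = defaultdict(lambda: {"dests": set(), "ports": set(), "count": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _, src, dst, port = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        # Traffic into the VLAN (LAN -> device) or staying inside it is allowed.
        if src_ip in iot_net and dst_ip not in iot_net:
            entry = report[str(src_ip)]
            entry["dests"].add(str(dst_ip))
            entry["ports"].add(port)
            entry["count"] += 1
    return dict(report)

def suspects(report, min_dests=2):
    """Devices reaching several distinct outside hosts deserve a look first."""
    return sorted(ip for ip, e in report.items() if len(e["dests"]) >= min_dests)

if __name__ == "__main__":
    for ip, e in sorted(outbound_from_iot(SAMPLE_LOG).items()):
        print(ip, e["count"], "attempts ->", sorted(e["dests"]), sorted(e["ports"]))
```

With the firewall already dropping this traffic, the report lists blocked attempts, so it shows which device is misbehaving without that device having reached anything.
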
  3. Re:How do you know? by geekmux · · Score: 4, Interesting

    Just install Norton AV on it, and add McAfee to be sure. Then, even a botnet wouldn't want to anymore run on that device

    Yeah, that's it! "Should I have run McAfee on my FirstAlert online smoke detectors?" you say to yourself as you gaze at the remains of your house.

    IoT or not, odd how you made me wonder if the smoke alarm itself has ever been the source of a fire...

    I need coffee. It's too early for this.

  4. Re:How do you know? by QuietLagoon · · Score: 3, Interesting

    Can you trust your thermostat to not browse your files?

    Nowadays, that is an amazingly valid question. Just a few short years ago, if you asked that question, you would have been __________. (fill in the blank)

  5. Re:How do you know? by Solandri · · Score: 4, Interesting

    I've been saying for over a decade now that at least one storage device on the computer should have a physical read-only switch. Some kind of jumper which needs to be moved, or a switch on the motherboard which needs to be physically flipped, before you can write to the device. The main OS could be stored there, while logs, configs, temp files, etc. stored on a different storage device. Security flaws like a buffer overflow would still allow access to some memory, but it'd be impossible to exploit it to modify the system to give you full root access upon reboot.

    That's the way things were in the 1970s and early 1980s, when RAM was incredibly expensive so the programming for most embedded systems was stored in ROM, using RAM only for operational data. I've only seen one modern embedded system function this way - you stored the OS on an SD card with the write-protect switch flipped, and used a second SD card for data storage.