A Year After Mirai: DVR Torture Chamber Test Shows Two Minutes Between Exploits

UnderAttack writes: Over two days, the Internet Storm Center connected a default configured DVR to the internet, and rebooted it every 5 minutes in order to allow as many bots as possible to infect it. They detected about one successful attack (using the correct password xc3511) every 2 minutes. Most of the attackers were well known vulnerable devices. A year later, what used to be known as the "Mirai" botnet has branched out into many different variants. But it looks like much hyped "destructive" variants like Brickerbot had little or no impact.

Re:Honey pot?

[duke_cheetah2003]

Wouldn't it have just been simpler to create a honey pot that answered to the correct password?

Malware authors are getting increasingly good at detecting honey pot environments. Using the real deal is a good call, IMHO.

Re:What about NATs?

[ledow]

You know when things say "just port-forward" and people just do that?

There ya go.

One of the reasons that I look upon any port-forward as incredibly suspicious, professionally, and only like doing it if it goes via a device capable of connection-limiting, rate-limiting and performing intrusion-protection and sanitisation for the exact protocol in question.

"Hey, just bash a hole in your house so the postman can deliver your parcels. Hey, just bash another hole so the gas man can read your meter. Hey, just bash another hole so your lightbulbs can talk out."... at the point it starts sounding silly, that's the point it already is silly.