Refuse to Take Part in a DDoS Botnet

Kimberley from Paessler
PRTG expert and networking nerd

Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual traffic patterns.
One of the big topics in the IT world last week was the massive DDoS attack against Brian Krebs' "Krebs on Security" website, which appears to have come from compromised IoT devices, including security cameras.  As the Register reports, the attack is the largest known single DDoS attack to date, with over 152K devices involved, generating over 620Gbps in the attack.
"If you're not part of the solution, you're part of the problem."
(rephrased quote from Eldridge Cleaver)
The scale of the attack raises the question of how the affected companies could have lessened the attack by ensuring that their IoT devices aren't part of a botnet. Many IoT devices simply don't offer endpoint security, but that's no excuse for leaving them unprotected. In fact, quite the opposite: the "dumbest" devices are the ones that need the most protection, since they have no way to defend themselves.

Some of the possibilities to defend even the simplest IoT devices using the rest of your infrastructure include:
  • Running IDS/IPS systems to detect unusual activity in your network, not only from IoT devices. Keep in mind that the IDS requirements for IoT devices are very different from those for standard enterprise PCs and will depend on the protocols used by the IoT devices.
  • Limiting outgoing communication from IoT devices to only the minimum required (e.g. do these cameras require Internet access, or only access to internal servers?). Limit communication to/from IoT devices to specific known hosts only.
  • Separating your IoT network from the rest of your network as much as possible. If the devices themselves don't offer embedded firewalls, place firewalls in front of them.
  • Limiting bandwidth at the point where IoT devices access the rest of the network.
  • Monitoring bandwidth at the point where IoT devices access the rest of the network, to detect unusual patterns.

PRTG can help with the bandwidth monitoring part of this solution: traffic sensors with limits will alert you when your outgoing traffic is higher than expected, and PRTG's Unusual Detection heuristics will notify you about unusual patterns in your PRTG sensors.
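To make the two monitoring ideas above concrete, here is an added example (not Paessler's code and not PRTG's actual Unusual Detection algorithm): it applies a hard traffic limit and a simple baseline-deviation heuristic to per-interval outbound byte counts measured at the IoT segment's uplink. The interval length, the 50 MB limit and the sample values are constructed assumptions.

```python
"""Two checks over outbound byte counts per 5-minute interval at the IoT uplink.
Constructed sample data: a camera segment that normally uploads ~2 MB per
interval to an internal recorder, then suddenly starts pushing tens of MB out."""
from statistics import mean, pstdev

# Assumed limit: 50 MB per interval, the kind of value a traffic sensor limit would hold.
LIMIT_BYTES_PER_INTERVAL = 50_000_000

# Constructed samples (bytes out per interval); the last three model an attack.
SAMPLES = [
    2_100_000, 2_400_000, 1_900_000, 2_600_000, 2_200_000, 2_300_000,
    2_000_000, 2_500_000, 2_100_000, 2_300_000, 2_200_000, 2_400_000,
    2_300_000, 41_000_000, 63_000_000, 58_000_000,
]


def check_limit(samples, limit=LIMIT_BYTES_PER_INTERVAL):
    """Indices of intervals whose outbound volume exceeds the fixed limit."""
    return [i for i, v in enumerate(samples) if v > limit]


def check_unusual(samples, window=12, k=3.0, min_sigma=100_000):
    """Indices where a sample exceeds baseline mean + k * stddev.

    The baseline is built only from samples previously judged normal, so a
    sustained attack does not quietly become the new normal. min_sigma avoids
    a zero threshold on perfectly flat traffic."""
    flagged = []
    clean = []  # recent samples judged normal, used as the baseline
    for i, v in enumerate(samples):
        if len(clean) >= window:
            base = clean[-window:]
            mu, sigma = mean(base), max(pstdev(base), min_sigma)
            if v > mu + k * sigma:
                flagged.append(i)
                continue  # do not feed attack traffic into the baseline
        clean.append(v)
    return flagged


def alerts(samples):
    """Combine both checks into one sorted list of suspicious interval indices."""
    return sorted(set(check_limit(samples)) | set(check_unusual(samples)))


if __name__ == "__main__":
    print("over limit:", check_limit(SAMPLES))      # [14, 15]
    print("unusual:   ", check_unusual(SAMPLES))    # [13, 14, 15]
```

Note that the deviation check catches the first attack interval (index 13) even though it is still under the hard limit, which is why a heuristic is worth running alongside a fixed threshold.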

For a short introduction to monitoring bandwidth using PRTG, check out this video.

This article originally appeared on the Paessler corporate blog: https://www.paessler.com/blog/2016/10/04/monitoring-knowledge/refuse-to-take-part-in-a-ddos-botnet
