

Refuse to Take Part in a DDoS Botnet

Kimberley from Paessler
PRTG expert and networking nerd
If you're not part of the solution, you're part of the problem.  

Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet. Use PRTG Network Monitor as one of the building blocks to detect unusual traffic patterns.
One of the big topics in the IT world last week was the massive DDoS attack against Brian Krebs' "Krebs on Security" website, which appears to have come from compromised IoT devices, including security cameras.  As the Register reports, the attack is the largest known single DDoS attack to date, with over 152K devices involved, generating over 620Gbps in the attack.
 If you're not part of the solution, you're part of the problem.
(rephrased quote from Eldridge Cleaver)
The scale of the attack raises the question of how the compromised companies could have lessened the attack by ensuring that their IoT devices aren't part of a botnet. Many IoT devices simply don't offer endpoint security, but that's no excuse for leaving them unprotected. In fact, quite the opposite: the "dumbest" devices are the ones that need the most protection, since they have no way to defend themselves.

Some of the possibilities to defend even the simplest IoT devices using the rest of your infrastructure include:
  • Running IDS/IPS systems to detect unusual activity in your network, not only from IoT devices. Keep in mind that the IDS requirements for IoT devices are very different from standard enterprise PCs and will depend on the protocols used by the IoT devices.
  • Limiting outgoing communication from IoT devices to only the minimum required (e.g. do these cameras require Internet access, or only access to internal servers?). Limit communication to/from IoT devices to specific known hosts only.
  • Separating your IoT network from the rest of your network, as much as possible. If the devices themselves don't offer embedded firewalls, place firewalls in front of them.
  • Limiting bandwidth at the point where IoT devices access the rest of the network.
  • Monitoring bandwidth at the point where IoT devices access the rest of the network, to detect unusual patterns.
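The second and third points above (allow only the minimum required communication, and only to known hosts) come down to an egress allowlist for the IoT segment. The script below is an added example, not code from the article or from Paessler: it evaluates a handful of constructed flow records against an assumed policy in which cameras in 10.20.0.0/24 may talk only to an internal NVR over RTSP and an internal NTP server, and it separates "talking to the Internet directly" from "talking to an internal host that is not on the list". All addresses, ports and the segment layout are assumptions made for the example.

```python
# Added example: checking IoT flow records against an egress allowlist.
# Not from the original article; the network layout and policy are assumed.
import ipaddress
from dataclasses import dataclass

# Assumed layout: cameras live in 10.20.0.0/24; everything in 10.0.0.0/8 is "ours".
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed policy: (destination host, protocol, destination port) the cameras may reach.
EGRESS_ALLOWLIST = {
    ("10.10.5.10", "tcp", 554),   # RTSP to the internal NVR
    ("10.10.5.20", "udp", 123),   # NTP to the internal time server
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    bytes_out: int


def is_internal(addr):
    """True if the address belongs to one of the organization's own ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def classify_flow(flow):
    """Return None if the flow is permitted, otherwise a short reason string."""
    if ipaddress.ip_address(flow.src) not in IOT_SEGMENT:
        return None  # only flows that originate in the IoT segment are policed here
    if (flow.dst, flow.proto, flow.dport) in EGRESS_ALLOWLIST:
        return None
    if not is_internal(flow.dst):
        return "IoT device reaching a host outside the organization"
    return "IoT device reaching an internal host not on the allowlist"


def find_violations(flows):
    """Return (flow, reason) pairs for every flow the policy does not permit."""
    violations = []
    for flow in flows:
        reason = classify_flow(flow)
        if reason is not None:
            violations.append((flow, reason))
    return violations


# Constructed sample flows (documentation addresses only, not real hosts).
SAMPLE_FLOWS = [
    Flow("10.20.0.7", "10.10.5.10", "tcp", 554, 1_200_000),   # camera -> NVR, allowed
    Flow("10.20.0.7", "10.10.5.20", "udp", 123, 96),          # camera -> NTP, allowed
    Flow("10.20.0.9", "203.0.113.45", "tcp", 80, 4_800_000),  # camera -> outside host
    Flow("10.20.0.9", "10.10.8.2", "tcp", 445, 2_048),        # camera -> internal file server
    Flow("10.10.8.2", "203.0.113.45", "tcp", 443, 300),       # office host, not policed
]

if __name__ == "__main__":
    for flow, reason in find_violations(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

The allowlist is deliberately expressed as destination host plus protocol plus port, which is the same shape a firewall rule in front of the IoT segment would take; the script is a way to test a proposed rule set against exported flow records before the rules go live, and the "internal host not on the allowlist" case is the one that a simple "block Internet access" rule would miss.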

PRTG can help with the bandwidth monitoring part of this solution: traffic sensors with limits will alert you when your outgoing traffic is higher than expected, and PRTG's Unusual Detection heuristics will notify you about unusual patterns in your PRTG sensors. 
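To make the two detection ideas in the previous paragraph concrete, here is an added example that is not part of the article and does not use PRTG's own code or API: a fixed limit on outgoing bytes per interval (what a sensor limit does) alongside a robust baseline heuristic that flags a value far above the recent median (the kind of "unusual pattern" check a heuristic detector performs). The byte counts, the 5-minute interval, the 50 MB limit and the deviation factor are all assumptions constructed for the example.

```python
# Added example: limit check plus an unusual-pattern heuristic over per-interval
# outgoing byte counts for an IoT uplink. Constructed data and thresholds.
import statistics

LIMIT_BYTES_PER_INTERVAL = 50_000_000  # assumed hard limit: 50 MB per 5-minute interval
BASELINE_INTERVALS = 8                 # how many previous intervals form the baseline
DEVIATION_FACTOR = 3.0                 # how far above the baseline spread counts as unusual

# Constructed 5-minute outgoing byte counts: a steady ~12 MB, then a ramp-up.
SAMPLES = [
    12_100_000, 11_800_000, 12_400_000, 11_950_000,
    12_300_000, 12_050_000, 11_700_000, 12_200_000,
    12_150_000, 48_000_000, 95_000_000, 210_000_000,
]


def exceeds_limit(value, limit=LIMIT_BYTES_PER_INTERVAL):
    """Plain threshold, like a sensor limit: alert once traffic is above the limit."""
    return value > limit


def is_unusual(history, value, factor=DEVIATION_FACTOR):
    """Flag value if it is far above the robust baseline of the previous intervals.

    Median and median absolute deviation (MAD) are used instead of mean and
    standard deviation so that one earlier spike does not inflate the baseline.
    """
    if len(history) < 4:
        return False  # not enough history to judge
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    spread = max(mad, 0.05 * med)  # floor the spread so a flat baseline is not over-sensitive
    return value > med + factor * spread


def evaluate(samples, window=BASELINE_INTERVALS):
    """Return (index, value, kinds) for every interval that trips either check."""
    alerts = []
    for i, value in enumerate(samples):
        history = samples[max(0, i - window):i]
        kinds = []
        if exceeds_limit(value):
            kinds.append("limit")
        if is_unusual(history, value):
            kinds.append("unusual")
        if kinds:
            alerts.append((i, value, kinds))
    return alerts


if __name__ == "__main__":
    for index, value, kinds in evaluate(SAMPLES):
        print(f"interval {index}: {value / 1e6:.1f} MB -> {', '.join(kinds)}")
```

Running the sample shows why both checks are worth having: the 48 MB interval sits under the fixed limit and is only caught by the baseline heuristic, while the later intervals trip both. The median/MAD baseline also keeps reporting the later intervals as unusual even after the first spike has entered the history window, which a mean-based baseline would not reliably do.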

For a short introduction to monitoring bandwidth using PRTG, check out this video.

This article originally appeared on the Paessler corporate blog: https://www.paessler.com/blog/2016/10/04/monitoring-knowledge/refuse-to-take-part-in-a-ddos-botnet
