[Chugalug] 58, 000 Security Camera Systems Critically Vulnerable To Attackers

Dave Brockman dave at brockmans.com
Tue Jan 29 21:50:51 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1/29/2013 4:19 PM, Dan Lyke wrote:
> On Tue, 29 Jan 2013 16:11:56 -0500 Dave Brockman
> <dave at brockmans.com> wrote:
>> We *have* to get out of this IPv4 mindset that NAT is a good
>> thing (tm).
> 
> Yeah, I'm not convinced that it's a good thing, but I'm of the
> opinion that it's what we have right now.

The current consumer broadband model pretty much requires a PAT
configuration with IPv4.  We've been doing it for 20 years or so now,
so we've made our applications smarter to get around it (for the most
part, we still need FTP ALG in most cases for instance), but CGN is
going to be a whole new kind of pain.  Nat on each end plus a NAT in
the middle, I see a whole lot of broken IPv4 based shit headed our
way.  The next battle will be with the ISPs to give you a /48 worth of
IPv6 instead of a single /64.  Hell, I guess we have to win the give a
/64, not a /128 battle first.....

>> The bad guys have been winning this particular war for at least
>> the past 5 years.  And I mean the really bad guys, not the script
>> kiddie punk kind, the Estonian Mafia kind.....
> 
> Got *5* calls today from the guy claiming to be from technical
> support trying to get me to install software on my Windows
> computer.

I *never* get this guy.... I have a handful of VMs just waiting for
the opportunity to capture one of these shit-heads in action.  And
it's not like I can firewall off my DID the way I do my network, so
it's really not my fault, I keep getting the Cruise and Credit
Services phone SPAM, don't know why I can't get the Microsoft guy :(

>> Using your modem as a modem and not a router with a proper
>> firewall at your border will prevent that nonsense also.
> 
> Yes.

Just because your network devices *can* plug and play, doesn't mean
they should :)

Regards,

dtb


- -- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEbBAEBAgAGBQJRCEQ7AAoJEMP+wtEOVbcd5lEH+ImxQpKp3Bs9yzXY3bk2X8tF
x9z+4nHvPjG9KlXsZSVW8sWmmr4dQn42gNCQfucYL4+FqY12K8Pdc35I7/JIb6OQ
VOVpVsszeaLTh5+slBUbGt/sZkaahRp6sf0guKevgpSjWQps+b3oTgArXZbXato0
v8PN098/dQX9TpYZJFR4H9VcHCAp2FmwNYb6z14fajjGmwtZjfa+8SxIlfY6gQLO
aO1F8R8aFrfuG/Rt5mpbUFCCOXK9y8JK7xFR5vnQhcrQQfZDR8Y3NsvIG/P84JUd
BAZQbTlnf0XBeUNJthQAnOMtdonOtxKbu1JxnTj57HVzpbtPcRtzjVkgnR2v9A==
=NCwE
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list