How do we prevent new mega-botnets composed of cheap internet devices? This is a really, really important topic for the next decade, and MJG has summarized the problem quite well: 1) you can’t solve it via quality control, 2) you can’t solve it by patching, 3) IP blacklisting via ISPs is one of the only remaining options but has huge collateral damage because ISPs can realistically just block at a whole-household/business granularity.
It seems to me that externally-managed routers in the households/small businesses of non-technical users could help. Evergreen router firmware could reduce vulnerabilities at the border, and handing fine-grained blacklist control to an expert service would let it block/filter individual devices as problems arise. That’s an expensive solution and relies on adoption of such devices and services. But if MJG’s idea of laws forcing ISPs to blacklist actually becomes reality, then customers may WANT such managed routers to minimize their risk of being completely shut off. Kind of an insurance policy against being implicated.
Originally shared by Matthew Garrett
500,000 infected devices is enough to create a botnet capable of crippling the internet. There’s over 8 billion IoT devices. We’re not going to fix this by inspecting devices at the border or forcing recalls.