If the attack is sufficiently distributed and the scale is very large, it can knock out even much bigger targets. I think there have been attacks at over 600 Gbps scale.
Indeed, Flashpoint (1) confirmed that the botnet attacking Dyn was the same one that attacked Krebs (2), and Krebs has more details as well (3). The previous attack on Krebs was seen to exceed 620 Gbps.
> While Flashpoint has confirmed that Mirai botnets were used in the October 21, 2016 attack against Dyn, they were separate and distinct botnets from those used to execute the DDoS attacks against “Krebs on Security” and OVH.
So not quite.
> Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.
If they aren't significantly underestimating the number of devices participating in this attack, it paints an ugly picture of things to come. My understanding is these botnets are almost impossible to eradicate due to how fast/easy it is to re-compromise the devices, so traditional methods of taking out C2s do almost nothing. Bonus - Mirai source code is freely and easily available for skids to use now, so there's no single threat actor for attribution/retaliation/arrest/etc.
I'm not too sure. I have heard that the attack also fixed the security vulnerability (changing the default root password) after installing the back door so other people cannot use it.
Although the source code is out there, those will not be able to control all those devices.
I'm not sure. Maybe that's the case for the passwords which can be changed via the administrative app but I read many of these are in firmware and not able to be disabled or changed:
> “The issue with these particular devices is that a user cannot feasibly change this password,” Flashpoint’s Zach Wikholm told KrebsOnSecurity. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present.”
1. https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns...
2. https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with...
3. https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powe...