by Nextgrid
1167 days ago
> It wouldn't take mere seconds to detect a new device connected to the Internet

You don't need to detect. You just spam exploit packets to every possible IP address and hope some of them hit a vulnerable target. How do you get the necessary bandwidth to do that? Well, you make your malware do the spamming, so as the network of compromised hosts grows, so does the attack traffic, until everyone is spammed with attack packets every few seconds.

The same is happening nowadays, just open tcpdump on a WAN interface and watch the nastiness roll in - you'll see SSH connection attempts (trying to brute-force credentials), HTTP requests (typically used to exploit shitty PHP CMSes), etc.
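The comment's suggestion to watch tcpdump on a WAN interface, as an added example that is not part of the original comment: a Python sketch that tallies unsolicited inbound SYNs per destination port from `tcpdump -nn` text output. The sample lines and addresses (documentation ranges) are constructed, and `summarize`, `SAMPLE` and `WAN_IP` are hypothetical names.

```python
import re
from collections import defaultdict

# Matches the IPv4 TCP lines that `tcpdump -nn` prints, e.g.
# 12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.22: Flags [S], ...
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

WAN_IP = "198.51.100.10"  # hypothetical WAN address (documentation range)

# Constructed sample capture, not real traffic.
SAMPLE = """\
12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.500000 IP 203.0.113.5.51236 > 198.51.100.10.22: Flags [S], seq 2, win 64240, length 0
12:00:02.000000 IP 192.0.2.77.40022 > 198.51.100.10.22: Flags [S], seq 3, win 29200, length 0
12:00:03.000000 IP 192.0.2.44.33100 > 198.51.100.10.80: Flags [S], seq 4, win 29200, length 0
12:00:04.000000 IP 198.51.100.10.44321 > 192.0.2.200.443: Flags [S], seq 5, win 64240, length 0
12:00:04.020000 IP 192.0.2.200.443 > 198.51.100.10.44321: Flags [S.], seq 6, ack 6, win 65535, length 0
12:00:05.000000 IP 203.0.113.9.60000 > 198.51.100.10.23: Flags [S], seq 7, win 5840, length 0
12:00:06.000000 IP 192.0.2.1 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 64
""".splitlines()


def summarize(lines, wan_ip):
    """Return [(dst_port, syn_count, distinct_sources)] for inbound bare SYNs."""
    syns = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # non-TCP or unparsed line
        src, _sport, dst, dport, flags = m.groups()
        # A bare SYN ("S") to our address is a new inbound connection attempt;
        # "S." (SYN-ACK) is a reply to a connection we opened ourselves.
        if dst != wan_ip or flags != "S":
            continue
        syns[int(dport)] += 1
        sources[int(dport)].add(src)
    # Busiest ports first, ties broken by port number.
    return sorted(
        ((p, n, len(sources[p])) for p, n in syns.items()),
        key=lambda row: (-row[1], row[0]),
    )


if __name__ == "__main__":
    for port, count, srcs in summarize(SAMPLE, WAN_IP):
        print(f"port {port}: {count} SYNs from {srcs} sources")
```
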