Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment Re:No way to cut the problem at the root? (Score 1) 74

I wonder if some security boffin might publish on github some iptables rate limiting rules in the same vein as dropping inbound ssh connections, but for any outbound IOT device traffic. Perhaps an ISO/ECMA mandated IOT ID byte in the MAC address after vendor ID [FE]? It appears iptables wont match against a MAC Regular Expression in filters.The manpage seems to require requires a fully qualified MAC. In lieu of revising the source code, the logic can be inverted and limit all addresses that aren't specifically allowed, pretty cumbersome, might easier & quicker to revise. Is there a list of vendor MAC ID for the offending devices (dont really care if there are collateral hits on other products from the same vendor, its just a rate limit not a total block, adjust the limit case by case). I wonder how feasible it would be for Cisco, et al. to provide DDOS mitigation access control lists/processors to block such at the source site or ISP.

Slashdot Top Deals

"Paul Lynde to block..." -- a contestant on "Hollywood Squares"

Working...