DDOS - IoT - suggestions?

I have no clue on web services and am only just beginning to make an IoT project.

The DDOS I went through this weekend and the admission that it was

http://www.computerworld.com/article/3134097/security/chinese-firm-admits-its-hacked-products-were-behind-fridays-ddos-attack.html

begs me to ask if the ESP8266 might be involved and if actions need to be taken?

I was impressed how well the Arduino could do things, and with a few million, it looks like it could bring down a whole country.

No

dave-in-nj:
<…> begs me to ask if the ESP8266 might be involved and if actions need to be taken?

I was impressed how well the Arduino could do things, and with a few million, it looks like it could bring down a whole country.

Mirai works by enslaving IoT devices to form a massive connected network. The devices are then used to deluge websites with requests, overloading the sites and effectively taking them offline.

Because these devices have weak default passwords and are easy to infect, Mirai has been found spreading to at least 500,000 devices, according to internet backbone provider Level 3 Communications.

I agree with INTP, since the ESP8266 is not known to be used in high-profile devices. However, this does not mean that there are no commercial applications for the ESP8266:
ESP8266 commercial products

Could an ESP8266 be purposely programmed to do nasty things? Yes, for certain. I just published last week the ESP8266 Mini-Sniffer project that can extract both the client and AP MAC addresses for devices around you. I started the project with some hacker code on a Russian website designed to take down localized WiFi access points and disrupt connected clients. I can assure you the code works! I wiped out 2 routers in my house and every awake client. I likely took down a few of my neighbor's WiFi nodes too.

So, I would say that using an ESP8266 as a botnet is unlikely, but messing with everyone's WiFi within a small area is certainly feasible - code is currently available. A small group of people could literally take down an entire venue… say a football game or a forum/trade show. At $4 USD or less per module, the hardware for such an attack is easily within the means of almost anyone.

At the moment, the ESP8266 only works on 2.4G radio, so WiFi routers and Access Points on 5G are not affected. That being said, most 5G radios also have 2.4G companion frequencies and I have not experimented with an attack on 2.4G to see if 5G is still unaffected.

Ray

mrburnette: I started the project with some hacker code on a Russian website designed to take down localized WiFi access points and disrupt connected clients. I can assure you the code works! I wiped out 2 routers in my house and every awake client. I likely took down a few of my neighbor's WiFi nodes too.

I would like to hear which site you got this from...

hutje: I would like to hear which site you got this from...

And I would hope no-one tells you.

dave-in-nj: begs me to ask if the ESP8266 might be involved and if actions need to be taken?

As far as I have heard, the DDOS attack which brought Twitter and other services down last Friday was mainly caused by hacked Chinese WiFi surveillance cameras.

See here: http://www.digitaltrends.com/computing/xiongmai-technologies-recall-devices-friday-ddos-attack/ Currently they are recalling millions of products made in September 2015 and later.

I am definitely one who spots the black helicopters and vast government cover-ups.

My point is that any device like the ESP8266 could be hard coded to be used to disrupt. It has access to your WiFi and password because you gave it that.

No reason it could not send out one message like "here is my IP address" and then just wait for a ping from some devious remote site.

Gotta go polish my tin-foil hat, the nasties in the chem-trails that fall from the sky. (Chicken Little was way ahead of her time.)

dave-in-nj: My point is that any device like the ESP8266 could be hard coded to be used to disrupt. It has access to your WiFi and password because you gave it that.

No reason it could not send out one message like "here is my IP address" and then just wait for a ping from some devious remote site.

The bigger the ignorance, the more space there is to fill in with rubbish.

What do you mean hard coded? People a lot smarter than you have eyes, can name every part of the board, and know that flashing the memory components is this "hard coding" thing you're talking about. Your WiFi and password are worthless, and your IP can be easily seen. Heck, any mod here can tell you what your IP is right under your username.

If you don't understand how something works, it's a much better path to take to try to learn, than to make up poppycock theories and pretend you have a point. When you fear your own imaginations due to your self-reinforcing ignorance, you are a prime candidate for mental help.

IMO, there is less danger of an ESP8266 being misused than something like a consumer product, an IP camera or a smart refrigerator or a smart TV. These consumer devices are pre-programmed by the factory and sit on the field side (LAN) of the home router. Therefore, these smart consumer devices can easily open a port on the router if they have gotten their IP addresses from DHCP on the home router.

When the ESP8266 is used with the Arduino IDE, the flash is erased (the AT or Lua code is overwritten) by the Arduino upload programming. Thus, any vector existing in flash is erased. So, what happens is that the Arduino C++ binary code and a copy of the Espressif binaries to support the API calls are uploaded. The remainder of the flash can be used for SPIFFS.

We hobbyists can do our hobby a lot of good by not over-hyping these DDoS attacks and certainly by not associating parts like the ESP8266 in the same context as DDoS. One could maliciously program a zillion ESP8266s to create a flood of traffic, but the flood would come from our own IP addresses and the ISP would quickly shut us down. Yes, one could give away a zillion pre-programmed devices, but that appears to me to be unlikely.

The first "D" in DDoS is Distributed. The devices succeed only if they are widely separated on the Internet. If all of the traffic is being generated from someone's home or business, the bandwidth is simply not sufficient to do a great deal of damage for any length of time. ISPs do monitor such behavior and there are procedures in place to shut down feeds that are known to contribute to an active attack.

hutje: I would like to hear which site you got this from...

Why? Really, I do not wish to know.

As a good author and to stay on the legal side of licensing, I chronicled all my sources within the source code. A lot can be learned from studying malicious code; I find it no different than a policeman studying the behavior of criminals in an effort to build profiles to capture the bad guys.

Where things go wrong is when a hobbyist maliciously uses something like an ESP8266 to disrupt traffic or take down a WiFi network or free Internet connection at McDonalds. I am not here to make judgments but I will ask that if you decide to download and run the hacker code that you do so only to your own networks and that you do not interfere with other users.

Ray