In 2016 the first larger IoT device-based botnets emerged. Mirai, one of the most prominent examples, infected more than 120,000 devices. Mirai was also responsible for knocking almost 1 million customers of Deutsche Telekom off the Internet and is infamous for performing the largest and most disruptive denial of service (DoS) attacks in history.
In order to cope with future variants of Mirai and to avoid further impact on its routers, Deutsche Telekom has adapted common security mechanisms to minimize detection and response times for IoT device-based botnets. This talk presents Deutsche Telekom's detection, analysis, and response strategy for dealing with infected IoT devices from an ISP point of view. The techniques behind the strategy and the upcoming challenges are discussed. Furthermore, the talk gives a deeper look into botnet fingerprinting techniques using blackhole monitoring.


time: 14:00
