In 2016 the first larger IoT device-based botnets emerged. Mirai, one of the most prominent examples, infected more than 120,000 devices. Mirai was also responsible for knocking almost 1 million customers of Deutsche Telekom off the Internet and is infamous for performing the largest and most disruptive denial of service (DoS) attacks in history.
To cope with future variants of Mirai and to avoid further impact on its routers, Deutsche Telekom has adapted common security mechanisms to minimize detection and response times for IoT device-based botnets. This talk presents Deutsche Telekom's detection, analysis, and response strategy for dealing with infected IoT devices from an ISP point of view. The techniques behind the strategy and the upcoming challenges are discussed. Furthermore, the talk will give a deeper look into botnet fingerprinting techniques using blackhole monitoring.


time: 14:00

Other sessions:

(Why) do cyber norms matter? (panel discussion)

Who needs an IP-address anyway? The (in)security of non-IP connected IoT devices

Operating Large-scale Honeypot Sensor Networks For Fun and (non) Profit

Security for Safety, the holy grail of ICS is coming under attack

Multi-party Vulnerability Disclosure: How we got here and where we are going (panel discussion)