In 2016 the first larger IoT device-based botnets emerged. Mirai, one of the most prominent examples, infected more than 120,000 devices. Mirai was also responsible for knocking almost 1 million customers of Deutsche Telekom off the Internet and is infamous for performing the largest and most disruptive denial of service (DoS) attacks in history.
To cope with future variants of Mirai and to avoid further impact on Deutsche Telekom routers, Deutsche Telekom has adapted common security mechanisms to minimize detection and response times for IoT device-based botnets. This talk presents Deutsche Telekom's detection, analysis, and response strategy for dealing with infected IoT devices from an ISP point of view. The techniques behind the strategy and the upcoming challenges are discussed. Furthermore, the talk will give a deeper look into botnet fingerprinting techniques using blackhole monitoring.


time: 14:00

Other sessions:

Operating Large-scale Honeypot Sensor Networks For Fun and (non) Profit

How to become a darkmarket admin

How to solve DDoS attacks

Professionalizing Incident Response & Network Defense Ethics, Standards and Self-Governance