• HeartyBeast@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      9 months ago

      I suspect it might have been problematic to tip off the malware operators that the network was about to be shut down. Apparently customers are going to be informed via their ISPs now. I guess some if them may decide to junk the routers.

    • shalafi@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      13
      ·
      9 months ago

      My ISP has never had info on my router, for 20+ years. Was there something in the story I missed about these being ISP issued routers?

      • Darkassassin07@lemmy.ca
        link
        fedilink
        English
        arrow-up
        28
        ·
        9 months ago

        The ISPs don’t need info on the routers…

        The FBI has identified the routers; if they’re able to connect to them and issue commands, they clearly know the IPs of those routers and thus the ISP servicing that IP. The ISP knows which of their customers is/was assigned a particular IP.

      • BakedCatboy@lemmy.ml
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        1
        ·
        edit-2
        9 months ago

        Your ISP knows the Mac address of your router since it requests a public IP from them using DHCP. That’s why if you contact support they usually can confirm the brand of your router by doing an oui lookup.

        In theory the FBI could have collected a list of MACs and optionally used an ASN lookup on the public IP and then handed each ISP their list of MACs, which the ISP could associate back to customers to contact. It would only not work for customers who spoof their router WANs ethernet mac.

        But I think just patching it is a normal and fine solution imo.

          • BakedCatboy@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            9 months ago

            I only do web development, but my networking knowledge mostly comes from being the designated person to call the ISP for tech support and being in charge of setting up the WiFi in every place that I’ve lived, in addition to participating and running community scale mesh wifi tech meetups for many years (think NYCMesh except just 4 guys who never accomplished much aside from buying and flashing lots of routers with openwrt lmao)

            I also ran 12Us of homelab for a few years in my basement, which was powered by an overkill fiber to the home setup (courtesy of tricking Comcast into undercharging me for gigabit pro) that necessitated a 10G switch and firewall.

        • Case@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Or I mean, Shodan exists. I’m sure the gov has better.

          A theoretical botnet I was looking at on github used shodan to identify possible targets to infect.

      • HeartyBeast@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        9 months ago

        Probably works the other way around - FBI detects the problem at various IP addresses, patches them, then contacts the iISP and asks them to contact the customer who had x.y.z IP address