Monday, October 24, 2016

Solution to DDoS Attacks from the IoT

Last Friday, October 21st, the company Dyn was the recipient of a rather massive DDoS (Distributed Denial of Service) attack.  Companies and tinkerers won't like this simple solution because it causes them to do a little extra work.  Even if this potential solution doesn't solve the problem, it would certainly mitigate it.

It's simple.  For those old enough to recall free AOL disks, remember how many included an account password printed on the CD/disk case?  Well, the same thing could be done for IoT devices.  Manufacturers of these things could simply print two random English words on a label and stick it on the IoT device.  This password is burnt into the device as its factory default.  There is no longer one standard factory default shared by every unit.  Let's face it...  The bulk of people using and installing IoT devices either don't know there is a password on their new-fangled refrigerator, or they just don't care to change it.

Seriously

water-wood
january-carolina
protein-curious
wrecked-quipped

These passwords would be so much better than "admin" or "system" or the ever-popular "password".
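A sketch of how a production line could issue such labels, added here as an example and not taken from the original post. The sample word list, the serial numbers and all function names are constructed for illustration; a real list would hold thousands of words.

```python
import math
import secrets

# Shared defaults named in the post; never allow them as a component word.
BANNED = {"admin", "system", "password"}

# Constructed sample list so the block runs offline (assumption: a real
# production line would load a few thousand curated words instead).
SAMPLE_WORDS = ["water", "wood", "january", "carolina", "protein", "curious",
                "wrecked", "quipped", "admin", "Water"]

def clean_wordlist(words):
    """Lowercase, de-duplicate, and drop banned or non-alphabetic entries."""
    seen = {w.strip().lower() for w in words}
    return sorted(w for w in seen if w.isalpha() and w not in BANNED)

def entropy_bits(wordlist_size, count=2):
    """Entropy of `count` words drawn uniformly and independently."""
    return count * math.log2(wordlist_size)

def label_password(wordlist, count=2):
    """Pick words with the OS CSPRNG; the `random` module is predictable."""
    return "-".join(secrets.choice(wordlist) for _ in range(count))

def provision(serials, raw_words, count=2):
    """Return {serial: label password}, one independent draw per device."""
    wordlist = clean_wordlist(raw_words)
    if len(wordlist) < 2:
        raise ValueError("word list too small")
    if len(set(serials)) != len(serials):
        raise ValueError("duplicate serial number")
    return {s: label_password(wordlist, count) for s in serials}

if __name__ == "__main__":
    batch = provision(["SN-0001", "SN-0002", "SN-0003"], SAMPLE_WORDS)
    for serial, pw in batch.items():
        print(serial, pw)
    print(f"{entropy_bits(7776):.1f} bits for two words from a 7776-word list")
```

Two words from a 7,776-word list give about 60 million combinations, which removes the shared default but is still small enough that the device should rate-limit login attempts.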

Tuesday, October 18, 2016

Mouse Peep in a Snow Storm - or - How NOT to Operate QRP

So...  Last Sunday (2016-10-16) there was a little ham radio contest called the "Illinois QSO Party".  Yes, I am a licensed amateur radio operator, and have been continuously since 1983.  Since then I have talked to folks all over the world from my car or home office, completely without this new-fangled thing they call the internet.

Anyway, my wife and I went to the Peoria Ham Fest several weekends ago and I bought a late-1970s Yaesu FT-7.  Sure, I would have preferred my favorite, an Icom IC-706, however my play-budget is currently quite limiting.  The Yaesu was only $200; the Icom runs around $700.  Add another $100 for antennas and other accessories, and the Icom will simply cost far too much right now.  At any rate, for $300 I purchased a rig and enough wire and coax to make antennas for the 80, 40, 20, 15 and 10 meter bands.

One thing...  The FT-7 is considered a QRP rig; that means 'low-power' for you non-hams out there.  Generally, this radio uses less power than a computer monitor.

Since tossing a 20M dipole up into the trees, I have been making regular contacts with mobiles on the County Hunter Net (14.336 MHz) and a few special events stations.  Signal reports are 'ok' but not outstanding.  This is how it works...  The other station "calls CQ" and is specifically listening for other stations to call them on a certain frequency.  They are listening.  So, when I call them with my little low-powered rig, they hear me and call me back.  It works.

I remember reading somewhere a long while ago that QRP stations really shouldn't call "CQ" (i.e. is anyone there).  It will be a waste of time.  Other hams tuning around the band might hear your puny little signal but move on to a louder signal because it is easier to make a contact with them.

Absolutely.  I wasted an hour on Sunday calling CQ with my little QRP radio during the Illinois QSO Party and made exactly zero contacts.

So, the common thought holds... When running QRP, don't call CQ...  It's like a mouse peep in a snow storm.