Automation of Internet-of-things Botnets Takedown by an ISP

For the past 12 months, the Internet-Of-Things botnets have made the headlines. Behind the media noise lies a threat that could be easily remedied by taking appropriate actions to discourage the herders which, most of the time, are kiddies. The latters often purchase the services of a third party to set up the Command & Control on dedicated servers and thus, have a strong potential to cause harm. The growing number of botnets made us reflect upon a workflow to contain the trend.

This presentation aims to show how easy it is to identify the Command & Controls of the Internet-of-Things botnets and how OVH implemented an automated workflow to search them out of its network. This workflow is currently running in production and is able to extract the Command & Control IP in 9 out of 10 cases. and could be easily implemented by other ISPs.

OVH is the third hosting company in the world, providing bare metal servers, cloud instances, web hosting, xDSL links, etc. Also known for having mitigated a Distributed Deny of Service attack above the symbolic terabits per second barrier issued by a MIRAI botnet, OVH is definitively committed to fight against botnets.


Sébastien works as a threat enginner at OVH, gathering intelligence to protect both infrastructure and customers, especially by reversing malwares. His work has been crucial to mitigate the 1 Tbps attack issued by a MIRAI botnet and to protect the OVH’s customers from the WannaCry outbreak.

Print Friendly, PDF & Email
Sébastien Mériot

@@smeriot

Security Engineer @OVH trying to make the Internet a better place. Trolls are my own. #infosec
RT @fs0c131y: <Thread> Hi @OnePlus 👋! How are you today? Let's talk about the OPBugReportLite found in your phone. This app is a pre-instal… - 2 days ago
Sébastien Mériot

Latest posts by Sébastien Mériot (see all)