Could someone please illustrate a concrete example of how having the password to my camera (assuming it has an routing through NAT) can be used to generate outbound traffic?
I have five cameras set up with NAT port holes. My passwords are (I believe) secure. But even if they were on the list, how could that be used to generate outbound traffic to DDoS someone? Presumably, only by a further vulnerability in the firmware.
In all the media / HN coverage, even with the release of Mirai source, I have yet to see a concrete example of a brand/model of camera/DVR who's firmware is exploitable. Let alone a list of models that are.
One exception: The D-Link DCS-930L[1] has a known vulnerability.
I have five cameras set up with NAT port holes. My passwords are (I believe) secure. But even if they were on the list, how could that be used to generate outbound traffic to DDoS someone? Presumably, only by a further vulnerability in the firmware.
In all the media / HN coverage, even with the release of Mirai source, I have yet to see a concrete example of a brand/model of camera/DVR who's firmware is exploitable. Let alone a list of models that are.
One exception: The D-Link DCS-930L[1] has a known vulnerability.
[1]: https://www.exploit-db.com/exploits/39437/
Edit: Okay, if you can get in on telnet, then nevermind; you're p0wned. But if you're a webcam on port 8080, what is the attack vector?