During post-incident review of the October 2016 DDoS attack that took DNS provider Dyn offline, your team studies how the Mirai botnet recruited over 100,000 IP cameras and routers in just hours. Which specific trait of Mirai's propagation enabled this explosive growth and should guide IoT hardening efforts?
Manipulation of BGP route advertisements to redirect IoT traffic through attacker-controlled networks
Large-scale DNS amplification using millions of misconfigured open resolvers
Exploitation of the OpenSSL Heartbleed flaw to inject malicious code into embedded firmware
Automated scanning of open Telnet services and login with common factory-default credentials on IoT devices
Mirai's authors embedded a short list of factory-default username and password pairs for dozens of popular IP cameras, DVRs, and SOHO routers. The malware scanned the public IPv4 space for systems with Telnet open (ports 23/2323), attempted those credentials automatically, and, upon success, downloaded its binary to enlist the device. Because many owners never changed these hard-coded logins, the success rate was extremely high, letting Mirai swell quickly enough to generate the multi-Tbps attack that crippled Dyn. No zero-day vulnerabilities, DNSSEC tricks, BGP hijacking, or high-amplification reflectors were required, just the widespread prevalence of unchanged default credentials on Internet-exposed IoT gear.
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking