Late last year, internet performance management Dyn suffered from a massive DDoS attack perpetrated by a network of Mirai botnet computers. Since then, Mirai became a notorious name in the security community. The botnet also disrupted large sites including the New York Times, Twitter, and Spotify.
Mirai works to scan IP addresses across the internet and infect unsecured IoT devices, using them to perform DDoS attacks. Mirai is designed to guess login credentials and remove and replace malware that already resides on a device. In particular, Mirai targets IP cameras, routers and DVRs.
Thanks to Incapsula’s research and development efforts, you now have a tool to detect botnet infections on your system. Aptly called Mirai Vulnerability Scanner, the tool checks for botnet injection attacks on one or more devices on your network.
How it works
Incapsula explains how the tool operates:
When you click on “Scan My Network Now” the scanner will discover your public IP address—this is the IP address typically assigned to your internet gateway device or cable modem by your ISP. This device often functions as a router and Wi-Fi access point connecting other devices on your network to the internet. The Mirai Scanner will check your gateway from outside your network to see if there are any remote access ports that are vulnerable to attack by Mirai. The Mirai Scanner can only scan your public IP address.
If Mirai Vulnerability Scanner finds a vulnerable device on your network, perform the following tasks:
- Log in to each IoT device on your network and change the password to a strong password.
- Scan your network again to confirm that the vulnerability has been resolved.
There are some exceptions to the Mirai Scanner, including:
- If your gateway/router has NAT (network address translation) enabled, Mirai Scanner will only scan devices configured with IP addresses that have port forwarding enabled for ports 22/23.
- Mirai Scanner will not scan devices on your network that have a dedicated IP address different from the computer you use to access the Mirai Scanner website.
The beta version of the Mirai Scanner is available from Incapsula.