Wonder how long ago that code was written... From: Eric Kuhnke Sent: Wednesday, October 5, 2016 5:25 PM To: af@afmug.com Subject: Re: [AFMUG] grain dryer port forwards and IoT security
It's dumb and the manufacturer should feel bad. But it's not really your problem to secure their device, if it gets pwned you can cut it off from the network per your TOS/AUP. Not much riskier to the ISP than being a colo provider and renting a small section of rack space and selling a static /30 to a customer who doesn't know how to secure their Linux server. On Wed, Oct 5, 2016 at 4:22 PM, Ken Hohhof <af...@kwisp.com> wrote: We hooked up Internet to a new GSI tower dryer at a grain elevator, and assuming this is the correct manual, it wants ports 22, 23, and 80 forwarded to it. http://www.grainsystems.com/content/dam/Brands/GSI/Manuals/English/Conditioning/pneg1720-062114-OS.pdf Without additional firewall rules, does this sound risky? They have a cellphone app, which apparently goes directly to the dryer, not through some intermediary like a Team Viewer server. So I don’t see what firewall rules we could put in. Doesn’t this let every hacker, script kiddie, and bot herder in the world try to break into it via SSH, telnet and HTTP? Do these guys move on if the default password has been changed? I would think they would run dictionary attacks against it.
