the one we hooked up we just did a DMZ, told them the DMZ IP, and gave them a not my chair not my problem
On Wed, Oct 5, 2016 at 6:27 PM, <ch...@wbmfg.com> wrote: > Wonder how long ago that code was written... > > *From:* Eric Kuhnke > *Sent:* Wednesday, October 5, 2016 5:25 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] grain dryer port forwards and IoT security > > It's dumb and the manufacturer should feel bad. But it's not really your > problem to secure their device, if it gets pwned you can cut it off from > the network per your TOS/AUP. > > Not much riskier to the ISP than being a colo provider and renting a small > section of rack space and selling a static /30 to a customer who doesn't > know how to secure their Linux server. > > On Wed, Oct 5, 2016 at 4:22 PM, Ken Hohhof <af...@kwisp.com> wrote: > >> We hooked up Internet to a new GSI tower dryer at a grain elevator, and >> assuming this is the correct manual, it wants ports 22, 23, and 80 >> forwarded to it. >> >> >> >> http://www.grainsystems.com/content/dam/Brands/GSI/Manuals/ >> English/Conditioning/pneg1720-062114-OS.pdf >> >> >> >> Without additional firewall rules, does this sound risky? They have a >> cellphone app, which apparently goes directly to the dryer, not through >> some intermediary like a Team Viewer server. So I don’t see what firewall >> rules we could put in. Doesn’t this let every hacker, script kiddie, and >> bot herder in the world try to break into it via SSH, telnet and HTTP? Do >> these guys move on if the default password has been changed? I would think >> they would run dictionary attacks against it. >> > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
