Actually depends on the device. Many of these simply aren't able to get 'owned' like, as an example, something which runs Linux.
On the other hand, opening 22 and 23 scare me. Especially 23. Port 80 isn't as big of a deal as long as the device is hardened and passwords are changed. On Wed, Oct 5, 2016 at 5:25 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: > It's dumb and the manufacturer should feel bad. But it's not really your > problem to secure their device, if it gets pwned you can cut it off from > the network per your TOS/AUP. > > Not much riskier to the ISP than being a colo provider and renting a small > section of rack space and selling a static /30 to a customer who doesn't > know how to secure their Linux server. > > On Wed, Oct 5, 2016 at 4:22 PM, Ken Hohhof <af...@kwisp.com> wrote: > >> We hooked up Internet to a new GSI tower dryer at a grain elevator, and >> assuming this is the correct manual, it wants ports 22, 23, and 80 >> forwarded to it. >> >> >> >> http://www.grainsystems.com/content/dam/Brands/GSI/Manuals/ >> English/Conditioning/pneg1720-062114-OS.pdf >> >> >> >> Without additional firewall rules, does this sound risky? They have a >> cellphone app, which apparently goes directly to the dryer, not through >> some intermediary like a Team Viewer server. So I don’t see what firewall >> rules we could put in. Doesn’t this let every hacker, script kiddie, and >> bot herder in the world try to break into it via SSH, telnet and HTTP? Do >> these guys move on if the default password has been changed? I would think >> they would run dictionary attacks against it. >> > > -- *Forrest Christian* *CEO**, PacketFlux Technologies, Inc.* Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602 forre...@imach.com | http://www.packetflux.com <http://www.linkedin.com/in/fwchristian> <http://facebook.com/packetflux> <http://twitter.com/@packetflux>
