The machines we have seen, run Win98 (not XP)… and yes, we have set a few up, and even offered the farmer to setup VPN, but they don’t want that extra step…SO, we do what they ask.
Eric Rogers www.pdsconnect.me (317) 831-3000 x200 From: Af [mailto:af-boun...@afmug.com] On Behalf Of ch...@wbmfg.com Sent: Wednesday, October 5, 2016 7:27 PM To: af@afmug.com Subject: Re: [AFMUG] grain dryer port forwards and IoT security Wonder how long ago that code was written... From: Eric Kuhnke Sent: Wednesday, October 5, 2016 5:25 PM To: af@afmug.com Subject: Re: [AFMUG] grain dryer port forwards and IoT security It's dumb and the manufacturer should feel bad. But it's not really your problem to secure their device, if it gets pwned you can cut it off from the network per your TOS/AUP. Not much riskier to the ISP than being a colo provider and renting a small section of rack space and selling a static /30 to a customer who doesn't know how to secure their Linux server. On Wed, Oct 5, 2016 at 4:22 PM, Ken Hohhof <af...@kwisp.com> wrote: We hooked up Internet to a new GSI tower dryer at a grain elevator, and assuming this is the correct manual, it wants ports 22, 23, and 80 forwarded to it. http://www.grainsystems.com/content/dam/Brands/GSI/Manuals/English/Conditioning/pneg1720-062114-OS.pdf Without additional firewall rules, does this sound risky? They have a cellphone app, which apparently goes directly to the dryer, not through some intermediary like a Team Viewer server. So I don’t see what firewall rules we could put in. Doesn’t this let every hacker, script kiddie, and bot herder in the world try to break into it via SSH, telnet and HTTP? Do these guys move on if the default password has been changed? I would think they would run dictionary attacks against it.