Re: [Emc-users] Telnet Interface Questions

2009-01-13 Thread Mark Wendt (Contractor)
At 10:55 PM 1/12/2009, you wrote:
Mark Wendt (Contractor) wrote:
  Realistic?  I get messages from my intrusion detectors every day of
  folks from all over the world scanning my ports, trying to find a way
  in.  They hit a block of IP addresses and scan all of them in that
  block.
A very effective way to stop this is to use denyhosts.  I have now set
the limits very tight, if a particular IP is the source of more than 2
unsuccessful login attempts within a month, it gets added to the
hosts.deny list, and takes 180 days to get off that list.  I had some
very determined hackers using a stable of several hundred compromised
nodes to attack my machine.  They are still trying, but they are totally
being blocked.  The main feature of denyhosts is that it doesn't care
about port number, any failed login from ANY port is added to the
threshold, and then being on hosts.deny pretty much blocks any access.

Jon

Jon,

 Kewl.  I'll give that a try.  I'd heard about that a while 
back, but it got shuffled off to the dark recesses, and I forgot all about it.

Mark 


--
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
___
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users


Re: [Emc-users] Telnet Interface Questions

2009-01-12 Thread paul_c
On Sunday 11 January 2009, Leslie Newell wrote:
 A much more likely scenario is a malicious user trying to mess around
 with a CNC machine that is on the same local network.

Or it could be a curious login user - For anyone interested in system security 
and stability, try poking a few hal variables, look in the /proc directory 
tree, echo a random string to any/all of the rtapi or hal entries.

Try also, with the aid of emc_module_helper, unloading some of the multitude 
of components followed by the main modules, finishing with rtai_rtapi - Let 
us know what happens when you shut down.

For anyone with a Mesa card (or any other fpga card), using the provided 
utility, upload a new bit file, then pick a bit file at random and try that.





Re: [Emc-users] Telnet Interface Questions

2009-01-12 Thread Mark Wendt (Contractor)
Realistic?  I get messages from my intrusion detectors every day of 
folks from all over the world scanning my ports, trying to find a way 
in.  They hit a block of IP addresses and scan all of them in that 
block.  One thing you can do is to use tcp wrappers on your IP 
stack.  Deny everybody but your own LAN addresses access to your 
machines.  We've used wrappers for years on our Unix boxes here at 
work, and I think it even comes bundled in Ubuntu.  You just have to 
modify your /etc/hosts.allow and /etc/hosts.deny files to enable 
tcpd.  I think it's already built in to xinetd.

Mark

At 02:28 PM 1/11/2009, you wrote:
Let's be realistic about this. What are the chances of a hacker randomly
scanning IP addresses and ports  on the web and finding a running emcrsh
session? Even if one did, what is the likelihood of him then recognizing
the connection and trying to take over your machine? I'd say you have
probably got more chance of being hit on the head by a meteorite.

If you are running a high profile operation and advertise the fact that
your machine is controlled over the internet then maybe someone would
give it a go.

Les


Eric H. Johnson wrote:
  Les,
 
  The passwords are passed as plain text, so a determined hacker would not
  have much difficulty sniffing out the passwords. One option for increasing
  security over the Internet is to run the telnet session over an ssh
  connection. That way all transactions will be encrypted and it adds an
  additional password layer. The telnet socket could then be blocked at the
  router or firewall, and only allow the ssh socket through.
 
  Regards,
  Eric
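
Added example (not part of the original thread): a simplified model of how tcp wrappers evaluates /etc/hosts.allow and /etc/hosts.deny, showing why the "deny everybody but your own LAN" setup needs both files. The 192.168.1. prefix and the client addresses are constructed; only ALL, trailing-dot address prefixes, net/mask patterns and exact addresses are modelled.

```python
import ipaddress

# Constructed example files: 192.168.1. stands in for "your own LAN addresses".
HOSTS_ALLOW = """\
# /etc/hosts.allow
ALL: 192.168.1.
"""
HOSTS_DENY = """\
# /etc/hosts.deny
ALL: ALL
"""


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; anything after a second ':' is ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (field.strip() for field in line.split(":")[:2])
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. "192.168.1.0/255.255.255.0"
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern == ip               # exact address


def any_rule_matches(rules, daemon, ip):
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        if daemon_ok and any(client_matches(c, ip) for c in clients):
            return True
    return False


def access(allow_text, deny_text, daemon, ip):
    """hosts.allow is searched first, then hosts.deny; no match at all means granted."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip):
        return "granted (hosts.allow)"
    if any_rule_matches(parse_rules(deny_text), daemon, ip):
        return "denied (hosts.deny)"
    return "granted (no rule matched)"


if __name__ == "__main__":
    for label, deny in (("empty hosts.deny", ""), ("ALL: ALL in hosts.deny", HOSTS_DENY)):
        for ip in ("192.168.1.20", "192.168.10.5", "203.0.113.9"):
            print(label, ip, access(HOSTS_ALLOW, deny, "in.telnetd", ip))
```

These files are only consulted by services that are linked against libwrap or started through tcpd or xinetd; a daemon that does neither is not filtered by them.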




Re: [Emc-users] Telnet Interface Questions

2009-01-12 Thread Jon Elson
Mark Wendt (Contractor) wrote:
 Realistic?  I get messages from my intrusion detectors every day of 
 folks from all over the world scanning my ports, trying to find a way 
 in.  They hit a block of IP addresses and scan all of them in that 
 block.
A very effective way to stop this is to use denyhosts.  I have now set 
the limits very tight, if a particular IP is the source of more than 2 
unsuccessful login attempts within a month, it gets added to the 
hosts.deny list, and takes 180 days to get off that list.  I had some 
very determined hackers using a stable of several hundred compromised 
nodes to attack my machine.  They are still trying, but they are totally 
being blocked.  The main feature of denyhosts is that it doesn't care 
about port number, any failed login from ANY port is added to the 
threshold, and then being on hosts.deny pretty much blocks any access.

Jon
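
Added example (not part of the original thread and not denyhosts' own code): the blocking policy described above, applied to constructed sshd-style log lines. The timestamp format, the 30-day reading of "a month", and all addresses and user names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Policy values from the message above.
MAX_FAILURES = 2                  # "more than 2 unsuccessful login attempts"
WINDOW = timedelta(days=30)       # "within a month" (assumed to mean 30 days)
BLOCK_FOR = timedelta(days=180)   # "takes 180 days to get off that list"

# Constructed log lines; addresses come from the documentation ranges.
SAMPLE_LOG = """\
2008-11-01 10:00:00 sshd[300]: Failed password for invalid user admin from 198.51.100.23 port 51000 ssh2
2008-12-20 10:00:00 sshd[301]: Failed password for invalid user test from 198.51.100.23 port 51001 ssh2
2009-01-02 03:14:07 sshd[411]: Failed password for root from 203.0.113.9 port 4022 ssh2
2009-01-02 03:14:11 sshd[411]: Failed password for root from 203.0.113.9 port 4022 ssh2
2009-01-04 09:30:00 sshd[420]: Failed password for operator from 192.0.2.77 port 3999 ssh2
2009-01-04 09:30:20 sshd[420]: Accepted password for operator from 192.0.2.77 port 3999 ssh2
2009-01-05 03:20:00 sshd[433]: Failed password for invalid user guest from 203.0.113.9 port 4100 ssh2
2009-01-10 10:00:00 sshd[450]: Failed password for invalid user oracle from 198.51.100.23 port 51002 ssh2
"""

FAILED = re.compile(
    r"^(\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d+\.\d+\.\d+\.\d+) port \d+",
    re.M,
)


def parse_failures(log_text):
    """Return [(timestamp, source_ip)] for every failed login in the log."""
    return [
        (datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), ip)
        for stamp, ip in FAILED.findall(log_text)
    ]


def block_periods(events):
    """Return {ip: [(blocked_at, released_at), ...]} under the policy above."""
    by_ip = defaultdict(list)
    for when, ip in sorted(events):
        by_ip[ip].append(when)
    periods = {}
    for ip, times in by_ip.items():
        recent, spans, released = [], [], None
        for t in times:
            if released is not None and t < released:
                continue  # source is already listed, nothing new to count
            # Keep only failures that fall inside the sliding window.
            recent = [r for r in recent if t - r <= WINDOW] + [t]
            if len(recent) > MAX_FAILURES:
                released = t + BLOCK_FOR
                spans.append((t, released))
                recent = []
        if spans:
            periods[ip] = spans
    return periods


def hosts_deny_lines(periods, now):
    """hosts.deny entries in force at `now`; ALL blocks every wrapped service."""
    return sorted(
        f"ALL: {ip}"
        for ip, spans in periods.items()
        if any(start <= now < end for start, end in spans)
    )


if __name__ == "__main__":
    blocks = block_periods(parse_failures(SAMPLE_LOG))
    print("\n".join(hosts_deny_lines(blocks, datetime(2009, 1, 13))))
```

The source with three failures spread over more than a month and the user who mistyped once before logging in are both left alone; only the address that exceeds the threshold inside the window is listed.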



Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Leslie Newell
One good security measure is to change the port number. First the hacker 
has to find your port then they have to crack the password (obviously 
don't use the standard password). Of course that assumes you want to 
connect remotely over the internet (why???). Otherwise just block the 
port on your firewall.

Les


Kent A. Reed wrote:
 I tip my hat to you for the nice work you've been doing, Andrew. Sweet.

 This last bit of your message, however, brings home how important it is 
 that we all practice safe connections (ala safe sex). It's chilling 
 to think of a hacker turning on a real machine. It seems to me one can 
 never be too paranoid with any machinery that (1) can cause physical 
 damage or personal injury, (2) allows for the possibility of remote 
 control and (3) connects to the Internet so any scumbag can try his hand 
 at it.

 I'm not suggesting you personally don't know the drill, Andrew, but a 
 number of messages on this list suggest that some of our users are 
 Unix/Linux neophytes. Please, people, please be sure your systems are 
 locked down. There are plenty of books and websites providing chapter 
 and verse about good system security practices. 
 Read...understand...implement...maintain.

 I know I sound like a dotty maiden aunt about this, but from almost the 
 moment my former place of employment went online we saw frequent 
 break-in attempts by people who were obviously trying just because they 
 could---there certainly wasn't any pot of gold lying in wait behind the 
 firewall.

 If you think our EMC2 work is too arcane for black-hat hackers to bother 
 with, just remember we're posted all over the net (this list, the Wiki, 
 SourceForge, YouTube, CNCZone, etc.) so there are plenty of interesting 
 hints of potential targets for those who are so inclined.

 One of my grandmother's favorite aphorisms was "An ounce of prevention 
 is worth a pound of cure."

 Regards,
 Kent




Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Mark Wendt (Contractor)
Les,

 That's security by obscurity, and hasn't really worked well 
for a good many years.  There are port scan and port mapping tools 
out there that can read all the ports on your machine in a heartbeat, 
and know which ones are open, which ones are closed, and what process 
is behind each individual port.  Many processes running behind open 
ports don't require the use of passwords - i.e., http, NFS, etc.

 Your best bet if you are going to keep a machine online is 
to keep it up to date with patches, occasionally run an intrusion 
detection tool (I run mine every 4 hours on my machines at work - 
they aren't CNC machines though, so you'd probably want to run them 
when the CNC software is not in use) and shut down any unnecessary 
processes and services, especially network services, so that you 
can't be hacked through those ports.  The intrusion detection 
software is nice, because it can detect changes in individual files, 
letting you know that somebody has gotten in and done something wonky.

Mark

At 04:51 AM 1/11/2009, you wrote:
One good security measure is to change the port number. First the hacker
has to find your port then they have to crack the password (obviously
don't use the standard password). Of course that assumes you want to
connect remotely over the internet (why???). Otherwise just block the
port on your firewall.

Les


Kent A. Reed wrote:
  I tip my hat to you for the nice work you've been doing, Andrew. Sweet.
 
  This last bit of your message, however, brings home how important it is
  that we all practice safe connections (ala safe sex). It's chilling
  to think of a hacker turning on a real machine. It seems to me one can
  never be too paranoid with any machinery that (1) can cause physical
  damage or personal injury, (2) allows for the possibility of remote
  control and (3) connects to the Internet so any scumbag can try his hand
  at it.
 
  I'm not suggesting you personally don't know the drill, Andrew, but a
  number of messages on this list suggest that some of our users are
  Unix/Linux neophytes. Please, people, please be sure your systems are
  locked down. There are plenty of books and websites providing chapter
  and verse about good system security practices.
  Read...understand...implement...maintain.
 
  I know I sound like a dotty maiden aunt about this, but from almost the
  moment my former place of employment went online we saw frequent
  break-in attempts by people who were obviously trying just because they
  could---there certainly wasn't any pot of gold lying in wait behind the
  firewall.
 
  If you think our EMC2 work is too arcane for black-hat hackers to bother
  with, just remember we're posted all over the net (this list, the Wiki,
  SourceForge, YouTube, CNCZone, etc.) so there are plenty of interesting
  hints of potential targets for those who are so inclined.
 
  One of my grandmother's favorite aphorisms was "An ounce of prevention
  is worth a pound of cure."
 
  Regards,
  Kent
 
 
  


Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Eric H. Johnson
Les,

The passwords are passed as plain text, so a determined hacker would not
have much difficulty sniffing out the passwords. One option for increasing
security over the Internet is to run the telnet session over an ssh
connection. That way all transactions will be encrypted and it adds an
additional password layer. The telnet socket could then be blocked at the
router or firewall, and only allow the ssh socket through.

Regards,
Eric


One good security measure is to change the port number. First the hacker has
to find your port then they have to crack the password (obviously don't use
the standard password). Of course that assumes you want to connect remotely
over the internet (why???). Otherwise just block the port on your firewall.





Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Rafael Skodlar
Eric H. Johnson wrote:
 Les,
 
 The passwords are passed as plain text, so a determined hacker would not
 have much difficulty sniffing out the passwords. One option for increasing
 security over the Internet is to run the telnet session over an ssh
 connection. That way all transactions will be encrypted and it adds an
 additional password layer. The telnet socket could then be blocked at the
 router or firewall, and only allow the ssh socket through.
 
 Regards,
 Eric
 
 
 One good security measure is to change the port number. First the hacker has
 to find your port then they have to crack the password (obviously don't use
 the standard password). Of course that assumes you want to connect remotely
 over the internet (why???). Otherwise just block the port on your firewall.
 

telnet for communications in 2009? Like Eric pointed out, using a tunnel
lessens the possibility of a break in but you still have to run telnet
daemon either standalone or from inetd on the receiving end, socketed or
not.

Why not use SSL? That would not require changes on the receiving end.
See sclient http://www.rtfm.com/openssl-examples/ There is tons more.
Search SSL example

If no other tools are available, telnet is good for one thing: test for
a listening port. Most of the time you can't tell more than system is
listening on it or not.

telnet somehost port number

--
Rafael



Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Eric H. Johnson
Rafael,

As the author of that particular interface, my main objectives were:

1 As simple a network interface as possible.

2 An interface that does not change with each version of EMC.

I don't see how it could be much simpler than this. All one has to do to
work out an interface is to put loadusr emcrsh in a hal file, issue
telnet address port from the client machine, and then issue the command
help. Since the protocol is plain text, one just needs to type in the
commands in a telnet session, then reproduce those commands in whatever
automated process they choose to use (program, script, macro, etc.)

The client does not need to know what version of EMC it is talking to, and
in fact a smart interface could potentially talk to multiple EMC based
machines simultaneously which themselves may be running different versions
and configurations.

There are means of locking this down from a security stand point, like
running over ssh, but doing it this way puts that burden on the advanced
users rather than encumbering the novices with having to learn all these
things up front just to get a simple interface running.

Regards,
Eric


telnet for communications in 2009? Like Eric pointed out, using a tunnel
lessens the possibility of a break in but you still have to run telnet
daemon either standalone or from inetd on the receiving end, socketed or
not.

Why not use SSL? That would not require changes on the receiving end.
See sclient http://www.rtfm.com/openssl-examples/ There is tons more.
Search SSL example

If no other tools are available, telnet is good for one thing: test for a
listening port. Most of the time you can't tell more than system is
listening on it or not.

telnet somehost port number




Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Leslie Newell
Let's be realistic about this. What are the chances of a hacker randomly 
scanning IP addresses and ports  on the web and finding a running emcrsh 
session? Even if one did, what is the likelihood of him then recognizing 
the connection and trying to take over your machine? I'd say you have 
probably got more chance of being hit on the head by a meteorite.

If you are running a high profile operation and advertise the fact that 
your machine is controlled over the internet then maybe someone would 
give it a go.

Les


Eric H. Johnson wrote:
 Les,

 The passwords are passed as plain text, so a determined hacker would not
 have much difficulty sniffing out the passwords. One option for increasing
 security over the Internet is to run the telnet session over an ssh
 connection. That way all transactions will be encrypted and it adds an
 additional password layer. The telnet socket could then be blocked at the
 router or firewall, and only allow the ssh socket through.

 Regards,
 Eric
   




Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Rafael Skodlar
Eric,

Eric H. Johnson wrote:
 Rafael,
 
 As the author of that particular interface, my main objectives were:
 
 1 As simple a network interface as possible.
 
 2 An interface that does not change with each version of EMC.
 
 I don't see how it could be much simpler than this. All one has to do to
 work out an interface is to put loadusr emcrsh in a hal file, issue
 telnet address port from the client machine, and then issue the command
 help. Since the protocol is plain text, one just needs to type in the
 commands in a telnet session, then reproduce those commands in whatever
 automated process they choose to use (program, script, macro, etc.)
 
 The client does not need to know what version of EMC it is talking to, and
 in fact a smart interface could potentially talk to multiple EMC based
 machines simultaneously which themselves may be running different versions
 and configurations.
 
 There are means of locking this down from a security stand point, like
 running over ssh, but doing it this way puts that burden on the advanced
 users rather than encumbering the novices with having to learn all these
 things up front just to get a simple interface running.

I believe that what you are working on is great. My response is not a
critique of your work. It's simply a comment saying that it would be
better to use a safer transport mechanism for the same thing you are
doing with telnet.

I don't think that it would be more difficult for the end user to use
than the one you implemented already if telnet was replaced with an
encrypted version. Thinking of it, there used to be a secure telnet
available some time back but haven't seen anything about it for years.
Everybody uses ssh these days.

There is another utility which is better than telnet IMO. Netcat
http://netcat.sourceforge.net There is a version available for Windows I
believe, if that's what you need.

What's especially great about netcat is that it allows you to watch or
interact with its live socket connections. Excellent for
troubleshooting or development. See usage examples for telnet like
session etc. at
http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/
Of course, you still need to use ssh to secure the session.

Reminds me of a simple netcat use to knockout some obnoxious spammer
during NT days :-)

It's safer to use more secure methods for communicating between the
systems on the network from the beginning rather than trying to fix it
later. You never know when next newbie will put your code on the system
and then bad things might happen. Just my experience. CNC machines are
production grade after all and one would not want to end up with broken
parts.

 
 Regards,
 Eric

--
Rafael



Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Kirk Wallace
On Sun, 2009-01-11 at 19:28 +, Leslie Newell wrote:
 Let's be realistic about this. What are the chances of a hacker randomly 
 scanning IP addresses and ports  on the web and finding a running emcrsh 
 session? Even if one did, what is the likelihood of him then recognizing 
 the connection and trying to take over your machine? I'd say you have 
 probably got more chance of being hit on the head by a meteorite.
 
 If you are running a high profile operation and advertise the fact that 
 your machine is controlled over the internet then maybe someone would 
 give it a go.
 
 Les
 
 
 Eric H. Johnson wrote:
  Les,
 
  The passwords are passed as plain text, so a determined hacker would not
  have much difficulty sniffing out the passwords. One option for increasing
  security over the Internet is to run the telnet session over an ssh
  connection. That way all transactions will be encrypted and it adds an
  additional password layer. The telnet socket could then be blocked at the
  router or firewall, and only allow the ssh socket through.
 
  Regards,
  Eric

The problem is leaving the telnet port open. I may be wrong here, but I
believe, all a hacker needs is an IP address that has telnet open, then
scan the port until someone logs in and records the password. If root
logs in, you're dead. Script kitties can use a script to automate this, so
all they need to do is start it, and wait. I get port and password
scanned almost daily.
---
Kirk
http://www.wallacecompany.com/machine_shop/





Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Stephen Wille Padnos
Rafael Skodlar wrote:

[snip]

It's safer to use more secure methods for communicating between the
systems on the network from the beginning rather than trying to fix it
later. You never know when next newbie will put your code on the system
and then bad things might happen. Just my experience. CNC machines are
production grade after all and one would not want to end up with broken
parts.
  

While I usually agree with this, I think I disagree in this case.

The most common usage for this type of connection will be a headless 
EMC2 machine connected to a machine in the same building, possibly in 
the same cabinet.  Although it would be possible to use a more secure 
connection, it's unnecessary for the majority of users.  Anyone who 
wants to connect their machine or their local network to the internet 
needs to use one or more of the many available tools to secure their 
machine (external firewall), or the connection (use an ssh-encrypted 
socket, or whatever).  Putting the complexity of authentication and 
security into emcrsh seems like a duplication of effort, since there are 
already tools to secure machines from the single socket/port level up to 
entire networks.

Again, the simplest way to eliminate this problem is just to not connect 
the EMC2 machine to the internet.

- Steve




Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Gene Heskett
On Sunday 11 January 2009, Stephen Wille Padnos wrote:
Rafael Skodlar wrote:
[snip]

It's safer to use more secure methods for communicating between the
systems on the network from the beginning rather than trying to fix it
later. You never know when next newbie will put your code on the system
and then bad things might happen. Just my experience. CNC machines are
production grade after all and one would not want to end up with broken
parts.

While I usually agree with this, I think I disagree in this case.

The most common usage for this type of connection will be a headless
EMC2 machine connected to a machine in the same building, possibly in
the same cabinet.  Although it would be possible to use a more secure
connection, it's unnecessary for the majority of users.  Anyone who
wants to connect their machine or their local network to the internet
needs to use one or more of the many available tools to secure their
machine (external firewall), or the connection (use an ssh-encrypted
socket, or whatever).  Putting the complexity of authentication and
security into emcrsh seems like a duplication of effort, since there are
already tools to secure machines from the single socket/port level up to
entire networks.

Again, the simplest way to eliminate this problem is just to not connect
the EMC2 machine to the internet.

And that I will disagree with Steven.  However would we keep them up to date 
without that net connection?

However, let me clarify the definition of network here.  Everything is on an 
odd subnet of 192.168.x.x here, with a dd-wrt based router doing all the 
firewalling and NATing required to do this.  So effectively nothing here 
is 'directly' connected to the net except dd-wrt.  The only incoming paths 
open here are an ssh path into the dd-wrt based router, secured by a strong 
passwd, and an oddish port that is open and relayed to this machine for my 
web server to use.  Gaining access to the rest of the machines here would 
require one to ssh to one of them from the router, and knowledge of the 
other, different passwds to get on in.

However, there is no way in hell I'd ever plug a cable from the dsl modem 
directly into any of my machines, so in that sense, I agree with Steven.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Cold, adj.:
When the politicians walk around with their hands in their own pockets.



Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Rafael Skodlar
Hi Leslie,

Leslie Newell wrote:
 Let's be realistic about this. What are the chances of a hacker randomly 
 scanning IP addresses and ports  on the web and finding a running emcrsh 

Realistic? Chances are exactly 100%. Looking at my linux firewall I see
tons of scans on all kinds of ports every day so chances are they will
scan your system in less than a day if not in a few hours or minutes.

While this is not a mailing list for computer security topics, it's
important to say that one needs to be vigilant in that respect all the
time. Let's say you are a contractor for another company making special
parts for a mechanism that ends up in some military equipment. Somebody
breaks into a Linux box and steals a file with G code for that part...

It doesn't need to be work for military stuff at all. It could be a
prototype for a patent application, sample for a big job bid, etc. Bad
guys don't have fun with 'rm -rf /*' because you would notice it right
away. They want your data, knowledge, or zombies to search for such
elsewhere.

As a systems administrator I would not approve of anybody telneting from
the outside to a system on the network I'm responsible for. We already
have too many problems let's not add another one when it can easily be
avoided.

 session? Even if one did, what is the likelihood of him then recognizing 
 the connection and trying to take over your machine? I'd say you have 

One would only need to inject a special string that would execute like a
shell during a session. It could simply sniff for the password, create a
user account and prepare for a long hideout. Don't forget man in the
middle attack where payload is spiced with special code. Tools are
already there.

http://books.google.com/books?id=A0D4KhXjQ7MC&pg=PA254&lpg=PA254&dq=break+into+telnet+session&source=web&ots=XOI_4-LxXp&sig=eaYz-AlbBUiDcN3DywcqUi1NnUw&hl=en&sa=X&oi=book_result&resnum=6&ct=result

 probably got more chance of being hit on the head by a meteorite.
 

What was the common perception, never mind the government, of
probability for global recession last summer when the oil prices reached
$147 per barrel? 0.

So what's the bet? Precision rail guide or a stepper motor?

 If you are running a high profile operation and advertise the fact that 
 your machine is controlled over the internet then maybe someone would 
 give it a go.

No need to advertise. Traffic is simply monitored for the type of protocols,
applications, etc. in use on servers. Bad guys keep databases of systems
of interest and when a vulnerability is discovered they know which
systems can be turned into zombies right away.

Only paranoid systems administrators can sleep well at night because
they protect systems from the beginning.

 
 Les

--
Rafael



Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Leslie Newell
Remember, emcrsh is using a Telnet compatible interface but it isn't a 
Telnet shell like rsh for example. Something like emcrsh isn't going to 
allow anyone to execute code on your machine or read your user or root 
passwords.

If you have a port open then a hacker can try accessing it. The worst 
they can do is guess at the password needed to log into emcrsh, assuming 
they manage to guess what emcrsh does. They could then interfere with 
operation of the machine.

Just having a port open on your machine doesn't automatically allow 
others to scan any data going through that connection. The only way 
hackers can do that is if they can intercept the packets as they travel 
between the remote machine and emcrsh. If you are using emcrsh via a 
local network (a much more likely scenario), outside hackers won't be 
able to read your password or anything else. Most routers out of the box 
only allow access to a limited number of ports. If you are using emc 
locally then simply don't enable that port in your router/firewall.

A much more likely scenario is a malicious user trying to mess around 
with a CNC machine that is on the same local network. However if you are 
running a business big enough to have malicious users on its network 
you should already have security protocols in place.

Les



 The problem is leaving the telnet port open. I may be wrong here, but I
 believe, all a hacker needs is an IP address that has telnet open, then
 scan the port until someone logs in and records the password. If root
 logs in, you're dead. Script kitties can use a script to automate this, so
 all they need to do is start it, and wait. I get port and password
 scanned almost daily.


Re: [Emc-users] Telnet Interface Questions

2009-01-11 Thread Leslie Newell




 Realistic? Chances are exactly 100%. Looking at my linux firewall I see
 tons of scans on all kinds of ports every day so chances are they will
 scan your system in less than a day if not in a few hours or minutes.

I'm not saying you won't get scanned. The point is that very, very few 
hackers are likely to know (or want to know) about emcrsh. It is all 
very well having access to a port but it doesn't do you any good if you 
can't do anything with it. Additionally emcrsh uses quite a high port 
number. Most firewalls detect port scans and after the first few they 
simply report all ports are closed.




 As a systems administrator I would not approve of anybody telneting from
 the outside to a system on the network I'm responsible for. We already
 have too many problems let's not add another one when it can easily be
 avoided.

Remember the emcrsh isn't a normal shell. It is simply a text based 
front end for emc that can communicate over a network. Telnet is just a 
client that can talk over a network. If you really want you can send 
emails by telneting directly to an email MTA such as exim. Does that 
mean all MTAs are dangerous security risks?




 One would only need to inject a special string that would execute like a
 shell during a session.


How? The only possibility I can think of is some clever buffer overrun 
exploit. Emcrsh does actually have a buffer overrun problem but all it 
will do is cause a segfault and shut emcrsh down. I have attached a 
patch that fixes the problem.



 It could simply sniff for the password, create a
 user account and prepare for a long hideout. Don't forget man in the
 middle attack where payload is spiced with special code. Tools are
 already there.

This assumes the hacker is in a position to intercept packets. Just 
having an open port doesn't automatically give a hacker access to the 
data going through it. How can you create a user account? emcrsh does 
not have a function to do this.




 What was the common perception, never mind the government, of
 probability for global recession last summer when the oil prices reached
 $147 per barrel? 0.

Actually it was pretty much a foregone conclusion. The economy goes up 
steadily, sharply peaks then crashes. The cycle then repeats. The bigger 
the peak, the harder the crash. This has gone on pretty much since the 
invention of money. Only short sighted and greedy bankers and 
speculators don't seem to realize this.




 No need to advertise. Traffic is simply monitored for type protocols,
 applications, etc. use on servers. Bad guys keep databases of systems
 of interest and when a vulnerability is discovered they know which
 systems can be turned into zombies right away.

But emcrsh is a very rarely used application. How many emcrsh sessions 
are active at the moment behind firewalls/routers that have port 5007 
open? You can probably count them on one hand. Very few hackers are 
going to spend time trying to find ways of subverting it when they know 
it is only run on a tiny handful of computers.



 Only paranoid systems administrators can sleep well at night because
 they protect systems from the beginning.

And if you are sensible you will make sure your firewall does not have 
port 5007 open. This solves the problem. If you really do need to allow 
external connections then there are plenty of secure options already 
available.


Les
Index: emcrsh.cc
===
RCS file: /cvs/emc2/src/emc/usr_intf/emcrsh.cc,v
retrieving revision 1.13
diff -u -p -r1.13 emcrsh.cc
--- emcrsh.cc	23 Dec 2008 15:48:23 -	1.13
+++ emcrsh.cc	11 Jan 2009 23:42:49 -
@@ -2636,8 +2686,8 @@ int parseCommand(connectionRecType *cont
 
 void *readClient(void *arg)
 {
-  char str[1600];
-  char buf[1600];
+  char str[1601];
+  char buf[1601];
   unsigned int i, j;
   int len;
   connectionRecType *context;
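Review bot: Growing `str` and `buf` in readClient() from 1600 to 1601 only closes the overrun if whatever fills them is still capped at 1600 bytes, and nothing in this hunk shows that cap or ties it to the array size. Please replace the literal with one named constant and bound the read length and the copy index by `sizeof(buf) - 1` (likewise for `str`), so the limit and the declaration cannot drift apart again. A short comment on what the extra byte is for would also help. The hunk header moves from line 2636 to line 2686 although this hunk adds no lines, so the diff appears to be taken against a locally modified emcrsh.cc and may not apply cleanly to revision 1.13.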
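The message above mentions a buffer overrun in emcrsh and attaches a patch that enlarges two 1600-byte arrays by one byte; the read loop itself is not on this page, so the one-past-the-end terminator write assumed here is a guess at the bug class. As an added example (not emcrsh code; `struct reader`, `feed`, `CMD_MAX` and `demo` are hypothetical names), this line reader for a Telnet-style text service derives the array size from the limit and rejects an oversized line instead of writing past the buffer:

```c
#include <string.h>

#define CMD_MAX 1600                  /* longest command accepted, without the NUL */

struct reader {                       /* hypothetical per-connection state */
    char   line[CMD_MAX + 1];         /* +1 reserves the terminator's byte */
    size_t used;                      /* bytes of the current line held so far */
    int    skipping;                  /* nonzero while discarding an oversized line */
    int    accepted, dropped;         /* counters for the demo */
    char   last[CMD_MAX + 1];         /* most recent accepted command */
};

/* Feed one chunk as recv() would return it; chunks may split or join lines. */
void feed(struct reader *r, const char *chunk, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (chunk[i] != '\n') {
            if (!r->skipping && r->used == CMD_MAX)
                r->skipping = 1;      /* array full: stop storing, reject the line */
            else if (!r->skipping)
                r->line[r->used++] = chunk[i];
            continue;
        }
        if (r->skipping) {
            r->dropped++;             /* oversized line is never executed */
        } else {
            if (r->used && r->line[r->used - 1] == '\r')
                r->used--;            /* Telnet clients end lines with CR LF */
            r->line[r->used] = '\0';  /* used <= CMD_MAX, so always in bounds */
            memcpy(r->last, r->line, r->used + 1);
            r->accepted++;
        }
        r->used = 0;
        r->skipping = 0;
    }
}

/* Constructed input: a 1700-byte line, then a command split across two chunks. */
struct reader demo(void)
{
    struct reader r = {0};
    char big[CMD_MAX + 101];
    memset(big, 'A', sizeof big);
    big[sizeof big - 1] = '\n';
    feed(&r, big, sizeof big);
    feed(&r, "get es", 6);
    feed(&r, "top\r\n", 5);
    return r;
}
```

A line of exactly `CMD_MAX` bytes is still accepted; only the byte that would not leave room for the terminator triggers the rejection.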


Re: [Emc-users] Telnet Interface questions

2009-01-10 Thread Leslie Newell
Hi Andrew,

The problem is that the messages are deleted once they have been read. 
In most cases the GUI will get the messages because it is polling them 
quite frequently. By the time emcrsh gets there they have been swallowed 
by the gui.

Unfortunately to change this would require a major redesign of emc's 
messaging system.

Les

AKSYS Tech Pty Ltd wrote:
 Hi,
 I have been working on a Ethernet based pendant/operator console for EMC
 for a little while now (whenever I get a spare moment) , and have run
 into a little problem.  I am using the EMCRSH, Telnet interface to EMC.

 My pendant was going to be quite a simple affair, but as things go, it
 has grown larger than first anticipated.  I now have up to 84 inputs,
 being pushbuttons, rotary switches and encoders, and LED indicators for
 all of these inputs.  I also have a 8 digital photo frame as a monitor.
 These are all controlled by a microprocessor, which is also handling the
 Ethernet connection to my mini-itx EMC computer. 
 The problem I am having is when I get an error from EMC, I can't get the
 error message back to my pendant.  I have tried the Get
 Operator_display,  Get Operator_text and Get error commands, but none of
 these are returning an error to me.  I am testing this by issuing a
 simple G01 command from MDI mode, this should invoke an error in regard
 to having no feedrate.  I get an error displayed on my EMC computer, but
 all my status reporting to my micro are returning OK's.  Is there some
 other command I should be using???
  
 Regards
 Andrew
   




Re: [Emc-users] Telnet Interface questions

2009-01-10 Thread paul_c
On Saturday 10 January 2009, Leslie Newell wrote:
 The problem is that the messages are deleted once they have been read.
 In most cases the GUI will get the messages because it is polling them
 quite frequently. By the time emcrsh gets there they have been swallowed
 by the gui.

 Unfortunately to change this would require a major redesign of emc's
 messaging system.

Remove the 'queue' type from the emcError buffer line in your *.nml config. 
You can also locate the updateError() function in shcom.cc, and change 
emcErrorBuffer->read() to emcErrorBuffer->peek(), then recompile. You will 
then be able to read most recent error message passed from lower levels.








Re: [Emc-users] Telnet Interface questions

2009-01-10 Thread Alex Joni
 Remove the 'queue' type from the emcError buffer line in your *.nml 
 config.

Removing the 'queue' type might lead to problems, as more than one error 
message won't get stored.
Any subsequent error messages will overwrite existing ones in the channel.
Currently task and iocontrol are 2 examples of error message sources, and if 
errors happen from both, one of the two could get lost. (at least that's my 
interpretation of it from the RCS handbook...)

 You can also locate the updateError() function in shcom.cc, and change
 emcErrorBuffer->read() to emcErrorBuffer->peek(), then recompile. You will
 then be able to read most recent error message passed from lower levels.

peek() and a faster update rate should definitely make a difference.

Regards,
Alex





Re: [Emc-users] Telnet Interface questions

2009-01-10 Thread paul_c
On Saturday 10 January 2009, Alex Joni wrote:
  Remove the 'queue' type from the emcError buffer line in your *.nml
  config.

 Removing the 'queue' type might lead to problems, as more than one error
 message won't get stored.
 Any subsequent error messages will overwrite existing ones in the channel.
 Currently task and iocontrol are 2 examples of error message sources, and
 if errors happen from both, one of the two could get lost. (at least that's
 my interpretation of it from the RCS handbook...)

Yes, which is why I said:
 You will then be able to read most recent error message passed from lower
  levels.





Re: [Emc-users] Telnet Interface questions

2009-01-10 Thread Greg Michalski
I don't have any suggestions - the code guys are better in that regard -
but I do have a question - is your pendant project a commercial venture or an
open source that you'll publish somewhere?  I'm interested in what you're
doing.  Making my own intelligent pendant would be appealing (ok, pretty
damn cool too - especially if I involve my dad for some help implementing
touch panel tech from a previous job as opposed to buttons).  At the very
least let us know how your project turns out when it gets to where it's
going.

Greg
www.distinctperspectives.com
 

-Original Message-
From: AKSYS Tech Pty Ltd [mailto:a...@austarnet.com.au] 
Sent: Saturday, January 10, 2009 7:30 AM
To: emc-users@lists.sourceforge.net
Subject: [Emc-users] Telnet Interface questions

Hi,
I have been working on a Ethernet based pendant/operator console for EMC
for a little while now (whenever I get a spare moment) , and have run
into a little problem.  I am using the EMCRSH, Telnet interface to EMC.

My pendant was going to be quite a simple affair, but as things go, it
has grown larger than first anticipated.  I now have up to 84 inputs,
being pushbuttons, rotary switches and encoders, and LED indicators for
all of these inputs.  I also have a 8 digital photo frame as a monitor.
These are all controlled by a microprocessor, which is also handling the
Ethernet connection to my mini-itx EMC computer. 
The problem I am having is when I get an error from EMC, I can't get the
error message back to my pendant.  I have tried the Get
Operator_display,  Get Operator_text and Get error commands, but none of
these are returning an error to me.  I am testing this by issuing a
simple G01 command from MDI mode, this should invoke an error in regard
to having no feedrate.  I get an error displayed on my EMC computer, but
all my status reporting to my micro are returning OK's.  Is there some
other command I should be using???
 
Regards
Andrew



Re: [Emc-users] Telnet Interface Questions

2009-01-10 Thread Kent A. Reed
Andrew wrote:

 Hi Guys,
  
 ...It is totally remotable,
 in that you could have a screen with the estop button on it in the US,
 and I could have the cycle start button here in Australia and the
 machine could be in Timbuktu. (Not sure why you would do this, but you
 could if your little heart desired).  The EMC side of this needs to be
 finished off, as it is suffering from the same error message reporting
 problems.
   
I tip my hat to you for the nice work you've been doing, Andrew. Sweet.

This last bit of your message, however, brings home how important it is 
that we all practice safe connections (ala safe sex). It's chilling 
to think of a hacker turning on a real machine. It seems to me one can 
never be too paranoid with any machinery that (1) can cause physical 
damage or personal injury, (2) allows for the possibility of remote 
control and (3) connects to the Internet so any scumbag can try his hand 
at it.

I'm not suggesting you personally don't know the drill, Andrew, but a 
number of messages on this list suggest that some of our users are 
Unix/Linux neophytes. Please, people, please be sure your systems are 
locked down. There are plenty of books and websites providing chapter 
and verse about good system security practices. 
Read...understand...implement...maintain.

I know I sound like a dotty maiden aunt about this, but from almost the 
moment my former place of employment went online we saw frequent 
break-in attempts by people who were obviously trying just because they 
could---there certainly wasn't any pot of gold lying in wait behind the 
firewall.

If you think our EMC2 work is too arcane for black-hat hackers to bother 
with, just remember we're posted all over the net (this list, the Wiki, 
SourceForge, YouTube, CNCZone, etc.) so there are plenty of interesting 
hints of potential targets for those who are so inclined.

One of my grandmother's favorite aphorisms was "An ounce of prevention 
is worth a pound of cure."

Regards,
Kent

