nanog mailing list archives
Re: Spitballing IoT Security
From: Jean-Francois Mezei <jfmezei_nanog () vaxination ca>
Date: Wed, 26 Oct 2016 13:30:38 -0400
While I agree that fixing home routers is the best approach, something bugs me. If an IoT vendor doesn't even know that its devices have telnet or ssh enabled by default (and hence, no management interface to change passwords) and only focuses on the web interface it has added , then how come the kernel would be "UPnP" the telnet port to tell the router to send inbound telnet to that device ? And how do routers deal with multiple cameras each sending a "send port 23 requests to me" ? I can understand a computer sending a UPnP request when you start a game to tell router to forward inbound calls to a certain port to that computer/app. But for IoT devices that are on all the time, there should be static setup, not UPnP.
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Leo Bicknell (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security JORDI PALET MARTINEZ (Oct 26)
- Re: Spitballing IoT Security jim deleskie (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security Ken Matlock (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security Brandon Butterworth (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Spitballing IoT Security bzs (Oct 27)