
Author Topic: IoT Monitoring  (Read 4267 times)


Offline tamcgaughey

  • Newbie
  • Posts: 2
  • Thanks: 0
  • Registered : 20/12/2016
IoT Monitoring
« on: April 03, 2017, 10:03:06 am »
Hi - I turned on the IOT Security feature because ATT sent me a notice indicating a device has the Mirai botnet.  However, it hasn't helped me isolate the device yet.

The only thing I can see is that ATT indicates that the source port is 20783 and the destination port is 23.  I have one device with your scan indicating port 23 open; I can't figure out how to close it, as you don't have as many configuration options on your side and that device doesn't either.  Also, that device with port 23 open doesn't seem to have odd traffic from it when I review web history.  I've done the usual: made sure passwords aren't default, etc.

Any thoughts, suggestions?

« Last Edit: April 03, 2017, 11:45:35 am by mparadis »

Offline mparadis

  • Backer
  • *
  • Posts: 1765
  • Thanks: 3
  • Registered : 02/08/2013
Re: IoT Monitoring
« Reply #1 on: April 03, 2017, 11:54:26 am »
Have you identified the device yet? If so, I would investigate from there. As of now, I don't believe the Almond IoT provides remedies, only monitoring. I am under the impression they will be adding an actions section at some point. I would expect to look into the device causing the issue to solve it.

Offline hitesh_manwar

  • Chestnut
  • ***
  • Posts: 38
  • Thanks: 0
  • Registered : 03/05/2016
Re: IoT Monitoring
« Reply #2 on: April 04, 2017, 05:07:43 am »
Hi tamcgaughey,

Port 23 is used for Telnet, and devices with open Telnet and weak passwords are most vulnerable to Mirai-like malware. Almond's scan would have identified this device. Can you post a screenshot here? Furthermore, were you able to access the telnet of the device and change the password?

Open telnet ports cannot be closed by Almond. You should contact the device vendor and seek their support on how to fix the issue. It's an oversight on the part of the device vendor to keep the telnet port open. Typically a firmware update should fix it. If your device is already infected by Mirai, you can try resetting the device or remove it completely from the network in case you get the warning again.

@mparadis is right - Almond's IoT security can only monitor and identify vulnerable and suspicious devices as of now. It's on our roadmap to fix specific security issues.

 You can read through the following article to understand more:

https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/
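
One way to tie an ISP notice like the one in the first post (source port 20783, destination port 23) to a LAN device, as an added example that is not part of any poster's message or of Almond's software. It assumes a Linux-based gateway whose connection tracking table can be dumped as `conntrack -L` text; the LAN subnet, addresses and log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Linux `conntrack -L` text format (not from the thread).
# 192.168.1.0/24 is the assumed LAN; 198.51.100.4 stands in for the public IP.
SAMPLE = """\
tcp 6 110 SYN_SENT src=192.168.1.23 dst=203.0.113.7 sport=20783 dport=23 [UNREPLIED] src=203.0.113.7 dst=198.51.100.4 sport=23 dport=20783 use=1
tcp 6 109 SYN_SENT src=192.168.1.23 dst=203.0.113.8 sport=20784 dport=23 [UNREPLIED] src=203.0.113.8 dst=198.51.100.4 sport=23 dport=20784 use=1
tcp 6 108 SYN_SENT src=192.168.1.23 dst=203.0.113.9 sport=20785 dport=23 [UNREPLIED] src=203.0.113.9 dst=198.51.100.4 sport=23 dport=20785 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.50 sport=51544 dport=443 src=203.0.113.50 dst=198.51.100.4 sport=443 dport=51544 [ASSURED] use=1
tcp 6 300 ESTABLISHED src=192.168.1.10 dst=192.168.1.23 sport=40112 dport=23 src=192.168.1.23 dst=192.168.1.10 sport=23 dport=40112 [ASSURED] use=1
"""

# Each entry holds two tuples: original direction first, then the reply direction.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def outbound_telnet(text, lan="192.168.1.0/24", ports=(23,)):
    """Map LAN source IP -> distinct external telnet targets and post-NAT ports."""
    net = ipaddress.ip_network(lan)
    hits = defaultdict(lambda: {"dsts": set(), "wan_sports": set()})
    for line in text.splitlines():
        tuples = TUPLE.findall(line)
        if not line.startswith("tcp") or len(tuples) != 2:
            continue
        (src, dst, _, dport), (_, _, _, nat_port) = tuples
        if int(dport) not in ports:
            continue
        # Keep only LAN -> Internet flows; LAN-to-LAN telnet is not what the ISP saw.
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net:
            hits[src]["dsts"].add(dst)
            hits[src]["wan_sports"].add(int(nat_port))  # port the ISP sees after NAT
    return dict(hits)

def suspects(hits, min_dsts=2):
    """LAN hosts reaching telnet on at least min_dsts distinct external addresses."""
    return sorted(ip for ip, h in hits.items() if len(h["dsts"]) >= min_dsts)

def host_for_reported_port(hits, reported_sport):
    """LAN hosts whose post-NAT source port matches the one in the ISP notice."""
    return sorted(ip for ip, h in hits.items() if reported_sport in h["wan_sports"])

if __name__ == "__main__":
    hits = outbound_telnet(SAMPLE)
    print(suspects(hits), host_for_reported_port(hits, 20783))
```

The source port in an ISP notice is the port after NAT, so it is matched against the reply tuple rather than the device's own source port; conntrack entries expire quickly, so the dump has to be taken while the traffic is occurring.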

Offline tamcgaughey

  • Newbie
  • Posts: 2
  • Thanks: 0
  • Registered : 20/12/2016
Re: IoT Monitoring
« Reply #3 on: April 10, 2017, 12:34:57 pm »
Thank you for the response.  I think I know which device, as it's the only device showing port 23 open, and I've scheduled a support call with them tomorrow. We'll see how that goes.

 
