[CRTech] Christian Radio Tech [MSG 79196]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
To: CRTech <crtech@crtech.org>
Subject: Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
From: Sherrod Munday <smunday@ieee.org>
Date: Wed, 15 Mar 2017 17:12:23 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee-org.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=6XQH9hy5IgB2DCWoZEfHEFiKWFUIshHwnJDR6n900FU=; b=kO+M81pM0nVGz2FyftVwsVIFnB2ZE8KkZoSRuGnBrbAixEPHmQ0nz/0sKbLUUboJGm Azj9rlE+6b5KEKUCvyaraUxiUsmqptlEL+Ywz/Uh0IyoFFRZ54rCeTAe88MOmWVf7dOG HmmlZwNkAmteb88Cmk00T+K0Le4lctvkVoFOdaa85iy9Ao8ZQyRJDP9RCm133Ks2TRxz dbNo2EZ1qUUyA4qAA65kEVDvUPsVIenKsPRBTdUGBdpDuYcWv4fm3nVvW3pcm6CKh+M1 n0afYrJXfev7XYoWcnsqleCbOZf6oAqg6bc8kILnpkUBcomvfwhTkppquPjNAYsp+lwF gY5A==
In-reply-to: <f361f4aa-d9ea-ba3b-8ab0-aeb365568f2a@spiritfm.org>
References: <812f36bb-e2cc-bf85-ba40-df7d81d2e32b@knlr.com> <CA+0ZtTbaKdN5=+5Az7+QMLY2bJSmn-5ZpVyAHTA5TQ+xg=-uDg@mail.gmail.com> <BN6PR08MB246701D62D41EC66378345DBB5240@BN6PR08MB2467.namprd08.prod.outlook.com> <07dc058b-68e1-ab5c-6449-1d451da55bda@reyware.us> <CAJHfeBtkWNoMDzpxPeGowe1YxqoM6oWwkgFnV62qMjYkCMsKbA@mail.gmail.com> <01A5D49F-F6D7-40B2-BB88-05E3AA4F1D4E@ieee.org> <BBA7DCB2-46BC-412D-8916-559F9D19F2D0@ieee.org> <DE4D7402-3D5D-4E58-8934-9F56F6229D2B@ieee.org> <CA+0ZtTafB8ETSJYk9HDFk0+eVxgYm3s5ocb0831jQimbpmzT5A@mail.gmail.com> <002f01d29dcd$386fe740$a94fb5c0$@pilgrimradio.com> <f361f4aa-d9ea-ba3b-8ab0-aeb365568f2a@spiritfm.org>
On Mar 15, 2017, at 16:49, Jim McDermott <jim@spiritfm.org> wrote:
> Does this mean that this station's AmBOS receiver has a public IP?

No.

It means that it is available *through* a firewall, because someone set up a port-forward through their firewall. 

Looking at the AmbOS receiver will only show a private unroutable IP address.  It's only when you look at the firewall configuration that you would find that a port-forward was set up, so that a request to a specific port number at a certain IP address will result in the request being "DNAT"-ted (Destination Network Address Translation) to the private internal IP address that is ***INSIDE*** the radio station's PRIVATE LAN.

This is a fairly common practice for convenience, but it doesn't offer any more security than the device itself natively offers.

If the device is hardened and has strong protection against unauthorized access, then you'd be fairly well-protected.

If, however, the device has vulnerabilities, then that could open up a portal for an attacker to get *behind*/*inside* the company's firewall, from which it's a lot easier to launch a devastating attack.

For all of you who like your consumer webcams at the transmitter or studio available remotely on the Public Internet, check out the video below from the Defcon Black Hat 2013 conference on hacking webcams.  I will forewarn you that the speaker and the material he uses do not exemplify a model of certain words that you would want to have your children hear or see on the screen, and they're definitely not ones I use.  Worldly people do and speak worldly things.  But the information he shares is an eye-opener if you thought you were secure just because you have a firewall.

http://bit.ly/2mtMmnW

—
Sherrod Munday
<smunday@ieee.org>

References: hacking continued
(Terry Cowan <tcowan@knlr.com>, 14 Mar 2017 15:43:11 -0000)
Re: hacking continued
(Matthew Chambers <mchambers@showmeham.info>, 14 Mar 2017 15:45:06 -0000)
RE: hacking continued
(Mike Shane <mshane@salemomaha.com>, 14 Mar 2017 23:42:25 -0000)
Re: hacking continued
(dave allen <crtech-mail@reyware.us>, 15 Mar 2017 14:19:11 -0000)
Re: hacking continued
(BIll Moede <bmoedereplay@gmail.com>, 15 Mar 2017 14:37:48 -0000)
Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday <smunday@ieee.org>, 15 Mar 2017 18:29:23 -0000)
Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday <smunday@ieee.org>, 15 Mar 2017 18:52:02 -0000)
Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday <smunday@ieee.org>, 15 Mar 2017 20:27:03 -0000)
Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Matthew Chambers <mchambers@showmeham.info>, 15 Mar 2017 20:39:59 -0000)
RE: Re: Shodan, Google, and hacking explained (Was: hacking continued)
("Bill Hurne" <billhurne@pilgrimradio.com>, 15 Mar 2017 20:46:42 -0000)
Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Jim McDermott <jim@spiritfm.org>, 15 Mar 2017 20:49:57 -0000)
Prev by date: Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday, 15 Mar 2017 21:01:39 -0000)
Next by date: Re: Unusual sources of dropouts
(Paul Brown, 15 Mar 2017 22:10:33 -0000)
Prev by thread: Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Jim McDermott, 15 Mar 2017 20:49:57 -0000)
Next by thread: Re: Re: Shodan, Google, and hacking explained (Was: hacking continued)
(Sherrod Munday, 15 Mar 2017 21:01:39 -0000)
CRTech.org