Home AMX User Forum AMXForums Archive Threads AMX Hardware

Can a Master refuse a Master-To-Master connection?

If there are two Masters (MasterA, MasterB), is there a way for MasterB to refuse a Master-to-Master connection when MasterA puts MasterB in its URL list?

I searched tech notes and found TN469 which refers to "Route Mode Normal? and "Route Mode Direct" but I don?t think that?s what I?m looking for.

Thanks.

Comments

  • vincenvincen Posts: 526
    Joe Hebert wrote:
    If there are two Masters (MasterA, MasterB), is there a way for MasterB to refuse a Master-to-Master connection when MasterA puts MasterB in its URL list?
    I searched tech notes and found TN469 which refers to "Route Mode Normal? and "Route Mode Direct" but I don?t think that?s what I?m looking for.

    No there is no direct way to prevent connection from an other master in m2m mode, excepted if both masters have same system number, in such case they won't connect together due to conflict of system number.

    Vinc
  • Joe HebertJoe Hebert Posts: 2,159
    Default port numbers and password protection

    Upon further review ? I was replying to another thread when the light bulb when off. I believe all that needs to be done is to change the default port number to something other than 1319 and then add password protection if need be.

    I need to insure that there is absolutely no way (as no way as no way gets) for a rogue master or any other rogue networked device to be able to trigger events or monitor events in a master that needs to be secured. If I change the port and add password protection (and change the default ports for telnet, ftp, and http) will that do the trick?

    Thanks.
  • DHawthorneDHawthorne Posts: 4,584
    This raises the question: do you have reason to suspect a rogue master or illicit operator accessing your system?

    I ask because I have a customer who complained to me recently that his audio system came on by itself. I checked the log, and saw all the page flips from his panel that would be expected if someone walked up to it and pushed the buttons to turn it on. I asked him if it were possible that someone in the househjold simply turned it on unknown to him, and left the room, but he insists no one was near the panel at the time. The only thing I could think of was an outside access, which I thought very unlikely; but the only security I had on the master and the G4 control were of the obscurity nature - after all, who would be scanning for open VNC ports, then turning on the stereo if they got in? Yet, it was the only answer if in fact it wasn't someone in the household that somehow slipped his notice for a moment (also pretty unlikely - it's just himself and his wife, who was know to be on another floor).

    Are we seeing, perhaps, a new awareness of the ports and protocols we use for AMX systems? Is a new breed of hacker targeting control systems?
  • pdabrowskipdabrowski Posts: 184
    DHawthorne wrote:
    after all, who would be scanning for open VNC ports, then turning on the stereo if they got in?

    .....

    Are we seeing, perhaps, a new awareness of the ports and protocols we use for AMX systems? Is a new breed of hacker targeting control systems?
    very likely that you might have a scriptkiddie scanning ports and then connecting just for kicks.
    Take a look at the SANS report for the last 40 days of reports on VNC port 5800 (default VNC server port for the client) http://isc.sans.org/port_details.php?port=5800
    or port 5900 (default VNC java server port)
    http://isc.sans.org/port_details.php?port=5900
  • Joe HebertJoe Hebert Posts: 2,159
    DHawthorne wrote:
    This raises the question: do you have reason to suspect a rogue master or illicit operator accessing your system? ?
    No I don?t. I have an application that contains sensitive data and demands super duper security. If I can?t completely lock down the master then I?ll have to insist that it sits on its own network with no physical ties to anything else. However, that will limit my ability to provide additional functionality that the client would like to have.

    I think I?ll be alright if I properly configure the master. If anyone thinks I won?t be or if anyone has any suggestions please let me know.

    Thanks.
  • jjamesjjames Posts: 2,908
    DHawthorne wrote:
    Are we seeing, perhaps, a new awareness of the ports and protocols we use for AMX systems? Is a new breed of hacker targeting control systems?

    I wouldn't say "targeting" control systems, but very well just coming across it and playing with it. All you need is a VNC viewer (like RealVNC) and whamo - you're in.

    We had the same issue that you described with one of our clients. In the middle of the night, the TV would come on and tune to a channel. This was an older job that I did not program, so all the page flips were in the panel and not in code. We password protected G4WC and there has not been any problems since.

    We're doing this with ALL of our jobs and going back to old jobs to protect them, as well as using the NetLinx security now. You can never be too safe . . . just make sure you either write down all the usernames & passwords, or blanket all your jobs with the same ones. It would be pretty bad if you forget them.
Sign In or Register to comment.