Can a Master refuse a Master-To-Master connection?
Joe Hebert
Posts: 2,159
in AMX Hardware
If there are two Masters (MasterA, MasterB), is there a way for MasterB to refuse a Master-to-Master connection when MasterA puts MasterB in its URL list?
I searched tech notes and found TN469 which refers to "Route Mode Normal" and "Route Mode Direct" but I don't think that's what I'm looking for.
Thanks.
Comments
No, there is no direct way to prevent a connection from another master in m2m mode, except if both masters have the same system number; in that case they won't connect together due to the conflict of system numbers.
Vinc
Upon further review... I was replying to another thread when the light bulb went off. I believe all that needs to be done is to change the default port number to something other than 1319 and then add password protection if need be.
I need to ensure that there is absolutely no way (as no way as no way gets) for a rogue master or any other rogue networked device to be able to trigger events or monitor events in a master that needs to be secured. If I change the port and add password protection (and change the default ports for telnet, ftp, and http) will that do the trick?
Thanks.
I ask because I have a customer who complained to me recently that his audio system came on by itself. I checked the log, and saw all the page flips from his panel that would be expected if someone walked up to it and pushed the buttons to turn it on. I asked him if it were possible that someone in the household simply turned it on unknown to him, and left the room, but he insists no one was near the panel at the time. The only thing I could think of was an outside access, which I thought very unlikely; but the only security I had on the master and the G4 control were of the obscurity nature - after all, who would be scanning for open VNC ports, then turning on the stereo if they got in? Yet, it was the only answer if in fact it wasn't someone in the household that somehow slipped his notice for a moment (also pretty unlikely - it's just himself and his wife, who was known to be on another floor).
Are we seeing, perhaps, a new awareness of the ports and protocols we use for AMX systems? Is a new breed of hacker targeting control systems?
Take a look at the SANS report for the last 40 days of reports on VNC port 5800 (default VNC server port for the client) http://isc.sans.org/port_details.php?port=5800
or port 5900 (default VNC java server port)
http://isc.sans.org/port_details.php?port=5900
I think I'll be alright if I properly configure the master. If anyone thinks I won't be or if anyone has any suggestions please let me know.
Thanks.
I wouldn't say "targeting" control systems, but very well just coming across it and playing with it. All you need is a VNC viewer (like RealVNC) and whamo - you're in.
We had the same issue that you described with one of our clients. In the middle of the night, the TV would come on and tune to a channel. This was an older job that I did not program, so all the page flips were in the panel and not in code. We password protected G4WC and there have not been any problems since.
We're doing this with ALL of our jobs and going back to old jobs to protect them, as well as using the NetLinx security now. You can never be too safe . . . just make sure you either write down all the usernames & passwords, or blanket all your jobs with the same ones. It would be pretty bad if you forget them.