Jump to content
Security Installer Community

Ip Signalling And Network Configuration


Recommended Posts

I'm just looking at changing some theoretical vulnerabilities into actual exploits on some IP signalling boards.

 

Some of these would rely on the signalling board being accessible on the network from a PC (specifically, can the PC send broadcast traffic and the signalling board receive it).

 

So when these boards are installed, how is the network connection normally provided? Is it just plugged into any available network port? Is a specific VLAN created (or any other segregation from the rest of the network)?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

So, if a PC on the same subnet could reconfigure the IP address/gateway, perform a denial-of-service attack, or even act as a man-in-the-middle, would that be considered a problem?

 

It's far easier to compromise one of many PCs that a single embedded board, you see.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Be a major problem, but no one in the whole sees it. When we have IP devices on corporate networks, they tend to VLAN our gear inc DVRs off but the average commercial/residential alarm we just sit on the network as does everything else.

www.securitywarehouse.co.uk/catalog/

Link to comment
Share on other sites

If you just take out the LAN interface, then a dual path device is going to cause an alarm, yes.

 

But if you can change the gateway, you can act as a man-in-the-middle. If the protocol has no message authentication, sequencing etc. then you can just act as if everything is OK.

 

It's just a nasty hole to leave open.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

If the protocol has no message authentication, sequencing etc. then you can just act as if everything is OK.

 

Are there any signalling products that have no message authentication?

 

MITM attack is possible but unlikely IMO.

Signalling devices are sold on how simples they are for monkeys to fit, I doubt the average installer would be able to setup VLAN's or separate subnets.

 

Wouldn't it also depend which path is first priority?

Link to comment
Share on other sites

Are there any signalling products that have no message authentication?

 

MITM attack is possible but unlikely IMO.

Signalling devices are sold on how simples they are for monkeys to fit, I doubt the average installer would be able to setup VLAN's or separate subnets.

 

Wouldn't it also depend which path is first priority?

 

Yes, some signalling products appear to have to message authentication - it appears to be trivial to spoof responses.

 

MITM is unlikely currently. But then if one product can be MITMed and another can't, which one is better?

 

With respect to path priority, if you can act as MITM on the secondary LAN interface and then respond with a message saying "Reconfigure all inputs to not trigger on changes", then it doesn't matter that the other path is untouched.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.