Friday, October 05, 2007

How Exposed Is Public Cellular IP

One of the concerns about having a PUBLIC IP address for cellular is your exposure to public hackers probing public IPs for services. In theory, you pay for all of these attempts since the mobile IP system encapsulates and transports them all on your behalf.

I'm happy to report that after logging such attempts for many months, my cellular devices receive fewer than 4 probes in any one day and likely under 20 total per month. So many days pass with no probes at all and it appears to stay under 2-3K per month. This compares to perhaps 200 probes per day on my DSL router/firewall.

I am not sure why the difference, although I'd guess it has to do with the high initial latency in contacting a cellular IP. So any "script-kiddie" tool scanning IP address ranges probably is not willing to wait up to 5 seconds for cellular devices on busy towers which need "unparking" to respond.

What kinds of probes are they? Mainly those looking for MS-SQL servers, with a rare access to FTP and the remainder of accesses aimed at seemingly random, unnamed ports - likely associated with trojans or zombie networks.
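A tally like the one described above can be produced from a firewall log. The following is an added example, not the author's own tooling: the log-line format (a Linux netfilter LOG style), the addresses, and the sample entries are all constructed assumptions, and the byte total is only the sum of logged IP packet lengths, which may differ from what a carrier bills.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an assumed netfilter-LOG-like format.
SAMPLE_LOG = """\
2007-09-03T02:14:07 IN=ppp0 SRC=198.51.100.23 DST=203.0.113.9 LEN=48 PROTO=TCP SPT=4312 DPT=1433 SYN
2007-09-03T02:14:10 IN=ppp0 SRC=198.51.100.23 DST=203.0.113.9 LEN=48 PROTO=TCP SPT=4312 DPT=1433 SYN
2007-09-11T17:40:55 IN=ppp0 SRC=192.0.2.77 DST=203.0.113.9 LEN=404 PROTO=UDP SPT=1051 DPT=1434
2007-09-19T08:02:31 IN=ppp0 SRC=192.0.2.140 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=39122 DPT=21 SYN
2007-09-27T23:59:01 IN=ppp0 SRC=198.51.100.8 DST=203.0.113.9 LEN=48 PROTO=TCP SPT=2201 DPT=27374 SYN
2007-09-28T00:00:00 kernel: link up
"""

# Well-known ports for the services named in the post; anything else is "other".
SERVICES = {("TCP", 1433): "MS-SQL", ("UDP", 1434): "MS-SQL", ("TCP", 21): "FTP"}

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})T\S+ .*?LEN=(\d+) PROTO=(\w+) .*?DPT=(\d+)"
)

def summarize(log_text):
    """Return (probes per day, probes per service, logged bytes per month)."""
    per_day = Counter()
    per_service = Counter()
    bytes_per_month = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not inbound packet records
        day, proto = m.group(1), m.group(3)
        length, dport = int(m.group(2)), int(m.group(4))
        per_day[day] += 1
        per_service[SERVICES.get((proto, dport), "other")] += 1
        bytes_per_month[day[:7]] += length  # key is YYYY-MM
    return per_day, per_service, dict(bytes_per_month)

if __name__ == "__main__":
    per_day, per_service, monthly = summarize(SAMPLE_LOG)
    print("busiest day:", per_day.most_common(1))
    print("by service:", dict(per_service))
    print("logged bytes per month:", monthly)
```
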

5 comments:

Chris said...

Hey, I just located your Blog through some Google searching (curiously enough, while searching for info on Modicon PLC TCP/IP communication issues), and must say that you have written some fascinating articles.

I'm going to forward your link to my SCADA/Controls colleagues and will be sure to visit in the future for more updates!

Anonymous said...

Hi Lynn. I am trying to send data between SCADA system Bailey Infi90 (INIIR-01 serial RS232 gateways) using serial servers in "Serial Tunneling" Configuration with ESR902 devices over WAN, but the link is broken a few seconds later. I hope you can help me with the configuration that I must use.

Lynn August Linse said...

You need to discover who "breaks" the connection.

If it is the "serial tunnel" pieces, then there's some incorrect setting. I would think the tunnel could stay up forever, but you need to have at least a 4+ minute TCP keepalive set. One problem I'd foresee - if the originator of the serial tunnel won't wait 5-10 seconds at least, then it likely aborts the tunnel before it can realistically open.

If the tunnel drops due to host/protocol timeout, then you may not be able to do this ever. Best bet is to try using any dialup/radio modem mode it might have.

For example, a Siemens PPI protocol demands an (ACK) in a few milliseconds, which cannot work across cellular. However, telling the host you're using radio modems relaxes this demand.

Unknown said...

Hi there Lynn
Expanding this topic a little... have you worked with SCADA over broadband satellite? We are looking at connecting a remote station with a commercial broadband consumer type connection service (monthly fee for a certain amount of speed and data throughput). A topic on protocols over satellite would be great. We're looking at UHF radio modems using DF1-RM to a satellite hub and then out to the HMI. Perhaps I should start a new thread as this could be of interest to others.
