Jump to content

Accessing the ISY without /o/p and /o/x?

d_l

By d_l
in ISY994

Recommended Posts

d_l Member

d_l

Posted
Posted

While trying to test my router and ISY for remote access, I accidentally discovered that the ISY was accessible without the "/o/x" on the address. The ISY IP and port number are all that are necessary. Then I noticed that "/o/p" was not needed for local LAN access either.

 

At first I thought this was some sort of router local loopback or browser cache effect, but now I'm pretty certain I was accessing the ISY without those address suffixes.

 

When did this happen? I must have missed the announcement about this in version 2.6?

Link to comment
Michel Kohanim Wise Elder

Michel Kohanim

Posted
Posted

d_l,

 

/0/p is no longer needed ... we removed it a long time ago but we have left it there for backward compatibility.

 

If you are accessing ISY remotely, you do need the /0/x otherwise you will get socket errors as Admin console will try to open a port to a local address as advertised by ISY.

 

With kind regards,

Michel

 

While trying to test my router and ISY for remote access, I accidentally discovered that the ISY was accessible without the "/o/x" on the address. The ISY IP and port number are all that are necessary. Then I noticed that "/o/p" was not needed for local LAN access either.

 

At first I thought this was some sort of router local loopback or browser cache effect, but now I'm pretty certain I was accessing the ISY without those address suffixes.

 

When did this happen? I must have missed the announcement about this in version 2.6?

Link to comment
d_l Member

d_l

Posted
  • Author
Posted

If you are accessing ISY remotely, you do need the /0/x otherwise you will get socket errors as Admin console will try to open a port to a local address as advertised by ISY.

 

Thanks Michel. If I'm accessing the ISY without the "/0/x" , that must mean my dual WAN router's local loopback is working which is something that I wasn't certain about and haven't found a way to disable that function.

 

Actually once I discovered this, I became a little concerned about anyone on the internet being able to partially access my ISY if the "/0/x" was not required. My thinking was that anyone could stumble across sending an http probe to my IP and its unique port without the "/0/x" and be able to see my ISY's main page contents in the background behind the login window. Although they could not access the ISY without passing the login, the positive response from the ISY might encourage intensive login cracking attempts. The "/0/x" in the address adds an extra little security twist.

 

Lest anyone think I'm paranoid, I review my router logs regularly and do see what I think are hacking attempts and not simplistic trojan attacks on occasion.

Link to comment
Michel Kohanim Wise Elder

Michel Kohanim

Posted
Posted

d_l,

 

Don't worry! I am almost as paranoid as you are: though we cannot really do much about denial of service attacks but in our next release will incorporate SSL/HTTPS to make the in/out bound more secure. At the moment, the only problem is the high cost of SSL certificates.

 

With kind regards,

Michel

 

If you are accessing ISY remotely, you do need the /0/x otherwise you will get socket errors as Admin console will try to open a port to a local address as advertised by ISY.

 

Thanks Michel. If I'm accessing the ISY without the "/0/x" , that must mean my dual WAN router's local loopback is working which is something that I wasn't certain about and haven't found a way to disable that function.

 

Actually once I discovered this, I became a little concerned about anyone on the internet being able to partially access my ISY if the "/0/x" was not required. My thinking was that anyone could stumble across sending an http probe to my IP and its unique port without the "/0/x" and be able to see my ISY's main page contents in the background behind the login window. Although they could not access the ISY without passing the login, the positive response from the ISY might encourage intensive login cracking attempts. The "/0/x" in the address adds an extra little security twist.

 

Lest anyone think I'm paranoid, I review my router logs regularly and do see what I think are hacking attempts and not simplistic trojan attacks on occasion.

Link to comment

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...