Accessing the ISY without /o/p and /o/x?


d_l

Posted

While trying to test my router and ISY for remote access, I accidentally discovered that the ISY was accessible without the "/o/x" on the address. The ISY IP and port number are all that are necessary. Then I noticed that "/o/p" was not needed for local LAN access either.

 

At first I thought this was some sort of router local loopback or browser cache effect, but now I'm pretty certain I was accessing the ISY without those address suffixes.

 

When did this happen? I must have missed the announcement about this in version 2.6?

Posted

d_l,

 

/0/p is no longer needed ... we removed it a long time ago but we have left it there for backward compatibility.

 

If you are accessing ISY remotely, you do need the /0/x; otherwise you will get socket errors, as the Admin console will try to open a port to a local address as advertised by ISY.

 

With kind regards,

Michel

 

Posted

If you are accessing ISY remotely, you do need the /0/x; otherwise you will get socket errors, as the Admin console will try to open a port to a local address as advertised by ISY.

 

Thanks Michel. If I'm accessing the ISY without the "/0/x", that must mean my dual WAN router's local loopback is working, which is something that I wasn't certain about, and I haven't found a way to disable that function.

 

Actually, once I discovered this, I became a little concerned about anyone on the internet being able to partially access my ISY if the "/0/x" was not required. My thinking was that anyone could stumble across sending an HTTP probe to my IP and its unique port without the "/0/x" and be able to see my ISY's main page contents in the background behind the login window. Although they could not access the ISY without passing the login, the positive response from the ISY might encourage intensive login cracking attempts. The "/0/x" in the address adds an extra little security twist.

 

Lest anyone think I'm paranoid, I review my router logs regularly and do see what I think are hacking attempts and not simplistic trojan attacks on occasion.

Posted

d_l,

 

Don't worry! I am almost as paranoid as you are. We cannot really do much about denial-of-service attacks, but in our next release we will incorporate SSL/HTTPS to make the in/out bound more secure. At the moment, the only problem is the high cost of SSL certificates.

 

With kind regards,

Michel

 
