
Can I turn ICMP off?


 

Hi all, this might be one for the IT guys but.


I have a cp3n with authentication turned on, and appropriate wan port forwards setup to allow remote administration etc.

However the processor is getting a lot of failed password login attempts from the open internet. This may even be resulting in the cp3n webserver shutting itself off, as this has happened twice now.

My question is,
If I disable ICMP in the cp3n, can I assume it will be less visible on the internet?
And if I do this, will the cp3n still be able to resolve the mycrestron.com as before? What do you think would be the downside if any, is there a better way to stop these login attempts?

Brad
SolutionAV




 


Not necessarily - there are a lot of bots that try standard ports on ranges of IP addresses without trying a ping first

Best course of action is to not expose the CP3 to the Internet at large (use a VPN for access - and since both Android and iOS devices have built-in VPN clients this shouldn't be that big of a deal)

If for some reason a VPN isn't optional use PAT to at least move the services you have to expose off of the well-known ports.

--

Lincoln King-Cliby, CTS, DMC-E-4K/T/D

Commercial Market Director

Sr. Systems Architect | Crestron Certified Master Programmer (Gold)

Crestron Services Provider | Biamp Audia Certified | Extron Control Professional


From: Crestron@... [mailto:Crestron@...]
Sent: Tuesday, September 08, 2015 8:41 PM
To: Crestron@...
Subject: [Crestron] Can I turn ICMP off?




 

There was a thread on this a while back. Make sure you change SSH port 22 to something different. Leaving port 22 exposed will definitely cause your processor to stop working due to a large number of hacker password attempts.


 

Any other port number will still result in a large number of attempts once it is discovered (doesn't take long at all). The only winning move is not to play (on the public Internet, with a very fragile device).

On Wed, Sep 9, 2015 at 7:48 AM, steve@... [Crestron] <Crestron@...> wrote:

There was a thread on this a while back. Make sure you change SSH port 22 to something different. Leaving port 22 exposed will definitely cause your processor to stop working due to a large number of hacker password attempts.




--
Jeremy Weatherford


 

I've had zero issues with many systems since moving the SSH port way away from where it was. Agreed on using VPN as a best case scenario, but so many of our clients are not tech savvy and starting VPN would be a hurdle too hard to overcome for many.


 

Another reason why Crestron needs to implement NAT traversal comm services into its firmware that can be used for the Crestron app at minimum. It is already partially implemented as part of the MyCrestron portal but needs to be extended. If their competitors can do it then Crestron should as well. Maybe at CEDIA...


 

Thanks,
All very helpful. Will have a look for the other thread too.

Cheers
Brad