
Please do not put your MIP5000 console on the public internet


Fatboy

Prolific Contributor
CS Forums $upporter
Joined
Sep 24, 2013
Messages
319
Mods, feel free to move this post. I saw there were a ton of locked posts in the console forum.

If you happen to put your MIP5000 Gateways on the public internet, then please do not be surprised when you get a nasty letter from the FBI that your MIP5000 Gateways are participating in DDOS attacks on Fortune 500 companies. It turns out there is an exploit in the NTP protocol. It is called an NTP Reflection Attack. We saw symptoms on the customer side of intermittent dropped audio, Gateways rebooting, very high bandwidth traffic loads, etc. I still cannot understand why they are on the public facing internet. It has been a long couple of weeks. FB
 

phonebuff

Prolific Contributor
CS Forums $upporter
Joined
Nov 10, 2013
Messages
680

p47r4ck

Prolific Contributor
CS Forums $upporter
Joined
May 4, 2013
Messages
163
Okay, I have to ask why would anyone put a MIPS or anything else on the Internet....

Ok, glad to know I wasn't the only one thinking that... dear God :bang:

Anything being used for mission-critical work seems like it would be on a leased circuit if it's in a fixed location. Otherwise, some kind of VPN solution if you're using a commodity Internet connection or other public network.
 
Fatboy

Prolific Contributor
CS Forums $upporter
Joined
Sep 24, 2013
Messages
319
It was the only time I have ever seen it as well. Freaked me out. Basically, the previous vendor's sales person did the install. All the MIP base radio antennas are within a few inches of each other... at high power UHF... no lightning protection. Big WTF... FB
 

com501

Prolific Contributor
CS Forums $upporter
Joined
Jan 18, 2013
Messages
2,847
But, but, but- the Internet's secure, isn't it? :bang:
 

mss-dave

Prolific Contributor
CS Forums $upporter
Joined
Jan 22, 2013
Messages
243
Certainly. ..... and passwords are always strong.
 

Attachments

  • uploadfromtaptalk1419536224092.jpg

Akash1

Prolific Contributor
Joined
Jun 11, 2012
Messages
132
But But But, look at the benefits.... I can be browsing the Internets, be on the facebook, and this site when I am not talking to someone on the radio :bang:
 
Fatboy

Prolific Contributor
CS Forums $upporter
Joined
Sep 24, 2013
Messages
319
My main issue is that the MIP (and Telex C-Soft) rely on multicast packets, which are a no-go over the internet (in another thread we were discussing tunneling, for which I prefer the DCB UT-3302 for use with MIP and Telex consoles). So the response of needing it on the internet is bogus. Then, we went down the road of having it on the internet for "maintenance" and "troubleshooting", which is a FAIL. When I asked why not just dual-NIC the MIP Server and Console, then use our Corporate Remote Admin Tool for remote "maintenance" and "troubleshooting", I received Radio Shack style blank stares in return. Each MIP Gateway was consuming a whole 100MB in uplink bandwidth during these attacks. I am begging the system admin for logs or graphs... FB
 

Astro Spectra

T¹ ÆS Ø - Moderator, CS Forums $upporter
Staff member
CS Forums $upporter
Joined
Nov 22, 2012
Messages
1,062
It's simple to run multicast 'over' the Internet using Cisco routers at each site and implementing a GRE tunnel. Happy to post sample configs if there is any interest.
 

phonebuff

Prolific Contributor
CS Forums $upporter
Joined
Nov 10, 2013
Messages
680
Yes,

You can do GRE tunnels in Cisco IOS and Adtran AOS, and probably many other routers. In fact, I think even pfSense does it these days.

But the DCB solution is just so much easier and transparent to the Routers.

@FB - You sure it's an attack of some kind, and not just multicast traffic being echoed back on itself somewhere? Seen that with Telex installs a number of times, and I had to use the Proxy capability of the DCB to isolate it and prevent the loops. Best debug tool will be Wireshark, but if it's a corporate IT support group, good luck getting the pcap files :)

 
Fatboy

Prolific Contributor
CS Forums $upporter
Joined
Sep 24, 2013
Messages
319
Letter from the FBI to the customer's sys admin was very specific. Typical LAN traffic is very predictable with the MIP. Allegedly attacks stick out in the logs, which I haven't seen yet. FB
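
The question raised in the posts above, reflection attack or looped multicast, can be settled from flow records. The following is an added example, not code from any poster in this thread: the flow lines, the 10.20.0.0/24 console LAN and the amplification threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed UDP flow records (not from the thread): src,sport,dst,dport,bytes
SAMPLE_FLOWS = """\
203.0.113.7,40000,10.20.0.11,123,234
10.20.0.11,123,203.0.113.7,40000,44000
203.0.113.7,40001,10.20.0.11,123,234
10.20.0.11,123,203.0.113.7,40001,44000
10.20.0.12,5000,239.1.1.5,5000,90000
10.20.0.13,5000,239.1.1.5,5000,90000
10.20.0.12,123,10.20.0.1,123,76
10.20.0.1,123,10.20.0.12,123,76
"""

LOCAL_NET = ipaddress.ip_network("10.20.0.0/24")  # assumption: console LAN
NTP_PORT = 123
AMPLIFICATION_LIMIT = 5.0  # assumption: reply bytes allowed per request byte

def summarize(text):
    """Per local host: NTP bytes from/to outside hosts and multicast bytes sent."""
    stats = defaultdict(lambda: {"ntp_in": 0, "ntp_out": 0, "mcast": 0})
    for line in text.strip().splitlines():
        src, sport, dst, dport, nbytes = line.split(",")
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        sport, dport, nbytes = int(sport), int(dport), int(nbytes)
        if src in LOCAL_NET and dst.is_multicast:
            stats[str(src)]["mcast"] += nbytes
        elif dst in LOCAL_NET and src not in LOCAL_NET and dport == NTP_PORT:
            stats[str(dst)]["ntp_in"] += nbytes   # queries arriving from outside
        elif src in LOCAL_NET and dst not in LOCAL_NET and sport == NTP_PORT:
            stats[str(src)]["ntp_out"] += nbytes  # replies leaving the site
    return dict(stats)

def classify(s):
    """Label one host's counters; replies far larger than queries mean reflection."""
    ratio = s["ntp_out"] / max(s["ntp_in"], 1)  # also flags replies with no logged query
    if ratio > AMPLIFICATION_LIMIT:
        return "ntp-reflector"
    if s["mcast"] > s["ntp_out"]:
        return "multicast-heavy"
    return "normal"

def report(text):
    return {host: classify(s) for host, s in summarize(text).items()}

if __name__ == "__main__":
    for host, label in report(SAMPLE_FLOWS).items():
        print(host, label)
```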
 

d119

Prolific Contributor
CS Forums $upporter
Joined
May 22, 2012
Messages
981
Let's just lay it out for what it is - Anyone using MIP 5000 as a primary dispatch console deserves this kind of crap. GARBAGE IN = GARBAGE OUT. 'Nuff said.

Locked. (Just kidding). :)
 