nanog mailing list archives

Re: Spitballing IoT Security

From: Aled Morris <aledm () qix co uk>
Date: Tue, 25 Oct 2016 09:49:41 +0100

On 25 October 2016 at 09:37, Jean-Francois Mezei <
jfmezei_nanog () vaxination ca> wrote:


One way around this is for the pet feeder to initiate outbound
connection to a central server, and have the pet onwer connect to that
server to ask the server to send command to his pet feeder to feed the dog.


This is pretty common but, IMHO, the worst solution to this problem.

It creates a dependence on a cloud service which is typically undocumented
(what protocol do they use?  where is the server located, China?); a
centralised service is a security risk in it's own right (crack one server,
own all the pet feeders); and it is liable to disappear when the operator
goes out of business, rendering all the products sold useless.

A strength of IP is that it is fundamentally a peer-to-peer protocol,
please don't break that.  NAT broke it but IPv6 can fix it again.

There's nothing wrong with accepting incoming connections if the device is
secure.  If your problem is security, fix that.  Don't throw the baby out
with the bath water.

Aled

Current thread:

RE: Death of the Internet, Film at 11, (continued)
- - - RE: Death of the Internet, Film at 11 Emille Blanc (Oct 24)
    - Re: Death of the Internet, Film at 11 Ronald F. Guilmette (Oct 25)
    - Re: Death of the Internet, Film at 11 bzs (Oct 25)
    - Re: Death of the Internet, Film at 11 Aaron C. de Bruyn via NANOG (Oct 24)
    - Spitballing IoT Security Ronald F. Guilmette (Oct 24)
    - Re: Spitballing IoT Security Jared Mauch (Oct 24)
    - Re: Spitballing IoT Security Matthias Waehlisch (Oct 24)
    - Re: Spitballing IoT Security Jared Mauch (Oct 25)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 25)
    - Re: Spitballing IoT Security Jean-Francois Mezei (Oct 25)
    - Re: Spitballing IoT Security Aled Morris (Oct 25)
    - Re: Spitballing IoT Security Bruce Curtis (Oct 25)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 25)
    - Re: Spitballing IoT Security Eliot Lear (Oct 26)
    - Re: Spitballing IoT Security Mike Meredith (Oct 27)
    - Re: Spitballing IoT Security Mel Beckman (Oct 27)
    - Re: Spitballing IoT Security Eliot Lear (Oct 28)
    - RE: Spitballing IoT Security Keith Medcalf (Oct 27)
    - RE: Spitballing IoT Security bzs (Oct 27)
    - Re: Spitballing IoT Security Jim Hickstein (Oct 28)
    - Re: Spitballing IoT Security bzs (Oct 28)

(Thread continues...)