
Author Topic: Block device operation through port 3480 data_request  (Read 2207 times)

Offline dreamcryer

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +2/-2
Block device operation through port 3480 data_request
« on: April 29, 2015, 09:03:40 pm »
Is there any way to block requests sent through the port 3480 data_request endpoint? Let's say somehow an attacker gets into my home network; I don't want him to disarm my security monitor or unlock my door by sending a local HTTP request to Vera (or by accessing the Vera web interface).

One way I could think of is to have a MAC address filter on Vera to only accept requests from a limited set of devices. Any other ideas?

Offline RichardTSchaefer

  • Community Beta
  • Master Member
  • ******
  • Posts: 10091
  • Karma: +764/-143
Re: Block device operation through port 3480 data_request
« Reply #1 on: April 29, 2015, 09:20:11 pm »
How about securing your home network!
If people get on your home network ... there is a lot more at risk, as it's easier pickings for the devices on your LAN.

Offline futzle

  • Beta Testers
  • Master Member
  • *****
  • Posts: 3260
  • Karma: +192/-9
Re: Block device operation through port 3480 data_request
« Reply #2 on: April 29, 2015, 11:40:39 pm »
There are lots of attack vectors with a Vera. Port 3480 is one of the most obvious, which you could probably block by messing with iptables on Vera. But you would also need to block port 80, because the web server running on Vera (lighttpd) redirects any URL starting with /port_3480/ to port 3480. If you wanted to block only _some_ of the URLs going to port 80 you are in deep packet inspection territory.

Historically there is also a port 49451 or similar, which may or may not be an alias for port 3480 any more.

Also you would need to block SSH access on port 22, or at least generate a key pair and enable private key authentication, so that you can disable the low-security legacy password login that Vera ships with.

That's just the vulnerabilities that we know about. Vera's OpenWrt base does not get patched often, so there are likely exploits in system utilities running on the Vera.

It's probable that you could do this better if you put Vera on its own subnet and managed traffic to it at the router level.  Doing this will also give you better opportunities to log connections without the attacker covering their tracks by deleting log files on the Vera.

Some of these will affect your ability to use Vera on your LAN as an automation device.
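
A router-level sketch of the port blocking and subnet isolation suggested in the reply above, added here as an example and not written by any poster: it prints iptables commands, for review before applying, that let only listed hosts reach the Vera on ports 22, 80, 3480 and 49451 and that log and drop every other attempt. The `VERA_GUARD` chain name, the script name and the sample addresses are assumptions, as is a Linux router forwarding between the LAN and a separate Vera subnet.

```shell
#!/bin/sh
# Added example (not from the thread). VERA_GUARD is a hypothetical chain name.
# Run on the Linux router in front of the Vera subnet, not on the Vera itself.
VERA_PORTS="22,80,3480,49451"   # SSH, lighttpd, data_request, historical port

# True only for a dotted-quad IPv4 address; keeps anything else out of the
# generated commands, which are meant to be reviewed and then piped to sh.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: vera_rules VERA_IP ALLOWED_HOST_IP...
vera_rules() {
    vera=$1
    [ "$#" -ge 2 ] || { echo "usage: vera_rules VERA_IP ALLOWED_IP..." >&2; return 1; }
    shift
    is_ipv4 "$vera" || { echo "bad Vera address: $vera" >&2; return 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad allowed host: $host" >&2; return 1; }
    done
    echo "iptables -N VERA_GUARD"
    for host in "$@"; do
        echo "iptables -A VERA_GUARD -s $host -j ACCEPT"
    done
    # Log refused connection attempts on the router, where someone who
    # compromises the Vera cannot delete them, then drop.
    echo "iptables -A VERA_GUARD -m conntrack --ctstate NEW -j LOG --log-prefix 'vera-denied: '"
    echo "iptables -A VERA_GUARD -j DROP"
    # Hook the chain in last so it is never live while half-built.
    echo "iptables -I FORWARD -d $vera -p tcp -m multiport --dports $VERA_PORTS -j VERA_GUARD"
}

# Print rules when called with arguments, e.g.
#   sh vera_guard.sh 192.168.50.10 192.168.1.20   (constructed addresses)
if [ "$#" -gt 0 ]; then vera_rules "$@"; fi
```

These rules only see traffic the router forwards, so a host placed on the same subnet as the Vera is not filtered by them.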

Offline dreamcryer

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +2/-2
Re: Block device operation through port 3480 data_request
« Reply #3 on: April 30, 2015, 05:11:40 pm »
Great answers, guys.

Yeah, securing the home network is of course the first step. I am just thinking deeper to reduce attack surface and increase depth of defense. There are just so many attack vectors. Home network security is gonna be very interesting in future years.