Serial threat on the internet

Terminal servers connect serial ports to the net
Source: Rapid7 Security expert HD Moore warns of the existence of unprotected terminal servers on the internet. The researcher says that he found over 100,000 such systems during his analyses, and that more than 13,000 provided administrative access without requesting a password.

Terminal servers are essentially a kind of serial interface that extends into the internet. By accessing a specific TCP port, users can remotely "talk" to the serial port of the device that is connected to it. Often, these devices are control systems or provide maintenance access. HD Moore said that he used SNMP queries to identify 114,000 terminal servers by Digi and Lantronix alone, and that 95,000 were exposed to the internet through mobile connections such as GPRS or 3G.

Terminal servers can very often be used to access control systems such as that of a launderette
Source: HD Moore, Rapid7 The problem is that these connections are often insufficiently protected or not protected at all. Moore said that a little over 13,000 unique serial ports were exposed that offered some form of system shell, console, data feed, or administrative menu.

The researcher explained that he found a smorgasbord of system types that could be classed into various categories, from traffic signal monitors and a launderette management system complete with connected payment terminals to corporate VPN servers.

When such systems are hooked up to the internet, for example in order to enable remote maintenance features, adequate protection must also be provided. Measures can include limiting access via VPNs or setting up an SSH tunnel that requires strong authentication. Incidentally, Moore based his investigation on the controversial Internet Census data, for which an unknown party used a custom botnet to scan the entire internet and then released the results.

(djwm)