Re: [foxboro] Foxwacth2?

Those IP addresses (151.128.8.xxx) are IP addresses on the I/A nodebus, which
are separate and independent from the plant "second ethernet" network.  The
Foxwatch equipment should not be accessible from the plant network, since
the nodebus and plant networks are physically separated.

Well, there is one exception.... The AW can route IP packets from nodebus
to/from the plant network if:
  1. The AW has its routing capability turned on (for example, to route
to/from le0 and le1)
  2. The remote/plant-side PC (that is trying to access the foxwatch device)
has an IP route added to its routing table so it knows how to get to
foxboro's 151.128.8.xxx IP network:
             In a command window on plant PC: route add 151.128.8.255 (AW_IP_ADDR)

Interestingly, a few years back, we found that ALL out-of-the-box AW51Bs
with I/A software loaded had the IP routing capability turned on.  All that
was needed for a plant PC to access any nodebus device with an IP address
was to add a new route in that PC.

I wonder if Foxboro has fixed this security hole in recent I/A revisions.

Mark Dumond
FeedForward, Inc
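
An audit check for the condition described above, as an added example that is not part of the original post: it scans a plant PC's `route print` output for gateway routes into the nodebus range. Treating 151.128.8.xxx as a /24 is an assumption, and the 10.20.x.x addresses in the sample are constructed.

```python
import ipaddress

# Assumption: the nodebus range "151.128.8.xxx" from the thread is treated as a /24.
NODEBUS = ipaddress.ip_network("151.128.8.0/24")

# Constructed sample: IPv4 section of `route print` on a plant-side Windows PC.
# The 10.20.x.x plant addresses and the gateway 10.20.5.40 are made-up values.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.20.0.1      10.20.5.17      20
        10.20.0.0      255.255.0.0         On-link       10.20.5.17     276
      151.128.8.0    255.255.255.0       10.20.5.40      10.20.5.17       1
    151.128.8.255  255.255.255.255       10.20.5.40      10.20.5.17       1
        127.0.0.0        255.0.0.0         On-link        127.0.0.1     306
"""


def parse_routes(text):
    """Yield (network, gateway_field) for each parsable IPv4 route line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
        except ValueError:
            continue  # column header or other non-route line
        yield net, fields[2]


def nodebus_routes(text, nodebus=NODEBUS):
    """Return (destination, gateway) pairs that send nodebus traffic via a gateway."""
    findings = []
    for net, gateway in parse_routes(text):
        if net.prefixlen == 0:
            continue  # the default route overlaps everything; not a finding
        if not net.overlaps(nodebus):
            continue  # catches subnets, host routes and supernets of the nodebus
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue  # "On-link": directly attached, no router in the path
        findings.append((str(net), str(gw)))
    return findings


if __name__ == "__main__":
    for dest, gw in nodebus_routes(SAMPLE_ROUTE_PRINT):
        print(f"route into nodebus range: {dest} via {gw}")
```

Any gateway reported here is a host forwarding between the plant network and the nodebus, so it is the machine whose routing setting needs review.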


-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Balmer, Robert D.
Sent: Tuesday, February 25, 2003 1:21 PM
To: 'foxboro@xxxxxxxxxxxxx'
Subject: Re: [foxboro] Foxwacth2?



Well this is interesting.. For myself I would be as happy as a pig invited
to a pig barbecue. For one thing this would violate our new corporate
IT/Process Technologies rules. That might be something you need to ask your
folks Stan.

Robert Balmer
Climax Molybdenum

-----Original Message-----
From: stan [mailto:stanb@xxxxxxxx]
Sent: Tuesday, February 25, 2003 12:17 PM
To: Foxboro List
Subject: [foxboro] Foxwacth2?



Our local Foxboro service guy was in here today, and asked for a copy of
/etc/hosts off of one of the machines in my zone. I asked curiously what he
needed this for, and he mumbled something about a new FoxWatch
configuration.

Knowing this had been done already in another person's zone, I went and
looked around. I found the following in /etc/hosts:

#*****************************************************
# Start of IA Remote Plus Addresses
# created Fri Mar 30 14:38:41 GMT 2001
#*****************************************************
#
# The following host entries were created by the
# IA Remote Plus Software Install sub-system. Any
# additional entries should be placed AFTER the End
# delimiter.
#
151.128.8.123   fxwrtr
151.128.8.124   foxwatch2
151.128.8.125   foxwatch1
151.128.8.126   fxwsrvr
#
#*****************************************************
# End of IA Remote Plus Addresses
#*****************************************************

Being the curious sort, I tried telnetting to the first one of these:

AW0102# telnet 151.128.8.123
Trying 151.128.8.123...
Connected to 151.128.8.123.
Escape character is '^]'.


login:

Interesting, I asked the group leader in that zone if he knew what the
appropriate userid, and password to access this mysterious device was, he
said no.

I'm curious about how other people feel about a vendor putting equipment on
our (the customers') networks that we are not provided access to?





--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
                                                -- Benjamin Franklin

_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at your
own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave