Stan,

The devices that you see in your hosts file are part of the Remote Plus system. This is the new and improved version of the Foxwatch product.

A bit of history: For remote support Foxboro used to supply a modem connected to a COMM10. Via this way Foxboro could get a terminal window when dialing in from the Foxwatch center in Foxmass. The biggest disadvantage was that no TCP/IP traffic was possible, so no remote X-window, telnet or FTP was possible.

These days a router is supplied so that TCP/IP traffic is possible from and to the Foxwatch center. This means that we (Foxboro) can use normal telnet/ftp/x-window to do troubleshooting.

Why is a router needed? Well: every I/A system uses the 151.128.x.x address range and only expects IP addresses in this range. So the router does the necessary network address translation (NAT) and filtering to keep the good packets in and the rest out. This enables Foxboro to do remote troubleshooting from the Foxmass (or Baarn or Singapore) office.

The 151.128.8.123 IP address is the Remote Plus router. The other 3 IP addresses are used only when Foxboro is logged into the site.

Security: When connecting a DCS to the rest of the world it is important to understand the implications of this. Foxboro has a well documented security protocol on how to deal with remote support. This includes:

* physical security
  Foxwatch room in Foxmass is behind locked doors, just unplug the phone line of your router when not in use, All 3 TAC centers (Foxmass, Baarn, Singapore) have identical setups with identical databases, basically a redundant setup.
* social security
  Only certified Foxboro engineers are allowed to dial in to customers, all actions are logged on file and/or video, Foxboro engineer can have voice contact with customer to update the customer on what he/she is doing.
* technical security
  Standard off the shelf communications equipment is used, all specs are available. That's much better than trying security through obscurity.
  Dialback is recommended. There is filtering in both the onsite router and the Foxboro router to keep bad packets out and the good packets in.

At the customer site there should be a policy on how to handle connections from the outside world to the DCS. And with the outside world I mean everything that is not DCS related: the IT network that is connected to the 2nd ethernet port of an AW. Any phone connections into the DCS, including Remote Plus. Remote engineering stations via X-window sessions etc...

Contact a CSC center (www.foxboro.com - Technical Support link) if you have any detailed questions about Remote Plus and its implementation onsite.

Marco Simpelaar - EMEATAC
Europe, Middle East & Africa Technical Assistance Centre
Invensys Systems Nederland N.V.
E-Mail ips_emeatac@xxxxxxxxxxx
Internet www.ips.csc.invensys.com
Tel +31-35-5484125
Fax +31-35-5484175

-----Original Message-----
From: stan [mailto:stanb@xxxxxxxx]
Sent: dinsdag 25 februari 2003 19:17
To: Foxboro List
Subject: [foxboro] Foxwacth2?

Our local Foxboro service guy was in here today, and asked for a copy of /etc/hosts off of one of the machines in my zone. I asked curiously what he needed this for, and he mumbled something about a new FoxWatch configuration.

Knowing this had been done already in another person's zone, I went and looked around. I found the following in /etc/hosts:

#*****************************************************
# Start of IA Remote Plus Addresses
# created Fri Mar 30 14:38:41 GMT 2001
#*****************************************************
#
# The following host entries were created by the
# IA Remote Plus Software Install sub-system. Any
# additional entries should be placed AFTER the End
# delimiter.
#
151.128.8.123 fxwrtr
151.128.8.124 foxwatch2
151.128.8.125 foxwatch1
151.128.8.126 fxwsrvr
#
#*****************************************************
# End of IA Remote Plus Addresses
#*****************************************************

Being the curious sort, I tried telnetting to the first one of these:

AW0102# telnet 151.128.8.123
Trying 151.128.8.123...
Connected to 151.128.8.123.
Escape character is '^]'.

login:

Interesting, I asked the group leader in that zone if he knew what the appropriate userid, and password to access this mysterious device was, he said no.

I'm curious about how other people feel about a vendor putting equipment on our (the customers') networks that we are not provided access to?

--
"They that would give up essential liberty for temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin

_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
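
An added example, not part of either message and not Foxboro's tooling: a Python check a site could run over a copy of /etc/hosts to list entries an installer wrote between "Start of"/"End of" delimiters, compare them with the site's own inventory, and confirm they sit in the 151.128.x.x range named in the reply. The sample text is constructed from the block quoted above; the `station01` entry and the approved set are assumptions.

```python
import ipaddress
import re

# Constructed sample: the block quoted in the message above, preceded by
# one ordinary entry (station01 and its address are made up).
SAMPLE_HOSTS = """\
151.128.16.2 station01
#*****************************************************
# Start of IA Remote Plus Addresses
# created Fri Mar 30 14:38:41 GMT 2001
#*****************************************************
#
151.128.8.123 fxwrtr
151.128.8.124 foxwatch2
151.128.8.125 foxwatch1
151.128.8.126 fxwsrvr
#
#*****************************************************
# End of IA Remote Plus Addresses
#*****************************************************
"""

MARKER = re.compile(r"^#\s*(Start|End) of (.+?)\s*$")
IA_RANGE = ipaddress.ip_network("151.128.0.0/16")  # range named in the reply

def installer_blocks(text):
    """Map each 'Start of X' ... 'End of X' section to its (ip, names) entries."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = MARKER.match(line)
        if m:
            current = m.group(2) if m.group(1) == "Start" else None
            if current:
                blocks.setdefault(current, [])
            continue
        fields = line.split("#", 1)[0].split()
        if current and len(fields) >= 2:
            blocks[current].append((ipaddress.ip_address(fields[0]), fields[1:]))
    return blocks

def undocumented(blocks, approved):
    """Host names an installer added that are not in the site's inventory."""
    return sorted(n for entries in blocks.values()
                  for _, names in entries for n in names if n not in approved)

def outside_ia_range(blocks):
    """Installer-added addresses that fall outside 151.128.x.x."""
    return [ip for entries in blocks.values() for ip, _ in entries
            if ip not in IA_RANGE]
```

With an inventory that documents only `fxwrtr`, `undocumented()` returns the three other names, which are the ones to raise with the vendor.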