Logic Machine Forum
Problem with remote KNX programming on port 3671 - Printable Version



Problem with remote KNX programming on port 3671 - Kilogica - 09.11.2021

Hello,

I try to reach a Wiser for KNX in ETS but I can't.

I opened port 3671 TCP/UDP and 443 on the router. HTTPS works with no problem, but ETS cannot reach it (not even with NAT mode activated).

I asked the ISP to see if they block something but they confirmed that they don't.

What could it be? Any ideas?


RE: Problem with remote KNX programming on port 3671 - Daniel - 09.11.2021

This is blocked for security. In LM we have Zerotier which lets you connect securely. Contact SE support directly.


RE: Problem with remote KNX programming on port 3671 - Erwin van der Zwart - 09.11.2021

Check the official communication from KNX Association later today. Then you will know why we closed it.


RE: Problem with remote KNX programming on port 3671 - Kilogica - 09.11.2021

I understand the problem, and I'm aware of the KNX secure process etc etc, but I have an old installation without a VPN and I have to reach it, is there a way?


RE: Problem with remote KNX programming on port 3671 - Daniel - 09.11.2021

If you use VPN then you don't need NAT. Only public IPs are blocked. When you are on VPN then you use local IPs.


RE: Problem with remote KNX programming on port 3671 - Kilogica - 09.11.2021

Yes, I know it, but I didn't have a VPN there, is it possible to reach the bus via ETS in that case?

Thank you


RE: Problem with remote KNX programming on port 3671 - Daniel - 09.11.2021

Via LM yes, Wiser NO


RE: Problem with remote KNX programming on port 3671 - Erwin van der Zwart - 10.11.2021

For those who have missed the news article of knx.org: https://www.knx.org/knx-en/for-professionals/newsroom/en/news/Smart-Buildings-are-the-subject-of-cyber-attacks/index.php

What is missing in this message is what the hackers are doing at this moment, and why it is so critical to close port 3671 for public access.

Currently hackers are scanning for open ports to unprotected KNX installations, and when found they scan for all the bus devices from any brand/manufacturer and delete the programming of the device. Next to that, they enable the BCU password on the affected devices and make it impossible to re-program the device. In theory this means the device is locked and must be replaced.

As you understand, this brings high costs for labor and hardware, and the original latest programming must be available. Last week there were several cases I have heard of in different countries and different product ranges/manufacturers.

This is why we keep pushing for avoiding open ports, as this is a quick and dirty approach and puts you and your customers at high risk for these threats.

For remote access use appropriate measures like VPN and KNX IP Secure and move away from the dangerous port forwarding method!
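
An added example, not part of the original thread or any poster's code: a log audit that applies the rule stated above (public source addresses must not reach port 3671, local and VPN addresses may) to router firewall logs. The iptables-style log format, the `LOCAL_NETS` list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

KNX_PORT = 3671  # KNXnet/IP port discussed in this thread

# Assumption: "local" means RFC 1918, loopback and link-local ranges.
# VPN/ZeroTier clients are assumed to get addresses from these ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Nov  9 10:15:01 gw kernel: IN=eth0 OUT=br0 SRC=203.0.113.7 DST=192.168.1.10 PROTO=UDP SPT=51234 DPT=3671
Nov  9 10:15:02 gw kernel: IN=eth0 OUT=br0 SRC=203.0.113.7 DST=192.168.1.10 PROTO=UDP SPT=51234 DPT=3671
Nov  9 10:16:40 gw kernel: IN=br0 OUT=br0 SRC=192.168.1.50 DST=192.168.1.10 PROTO=UDP SPT=40000 DPT=3671
Nov  9 10:17:05 gw kernel: IN=zt0 OUT=br0 SRC=10.147.17.20 DST=192.168.1.10 PROTO=UDP SPT=40100 DPT=3671
Nov  9 10:18:11 gw kernel: IN=eth0 OUT=br0 SRC=198.51.100.23 DST=192.168.1.10 PROTO=TCP SPT=55000 DPT=3671
Nov  9 10:18:12 gw kernel: IN=eth0 OUT=br0 SRC=198.51.100.23 DST=192.168.1.10 PROTO=TCP SPT=55001 DPT=443
Nov  9 10:19:00 gw kernel: IN=eth0 OUT=br0 SRC=not-an-ip DST=192.168.1.10 PROTO=UDP SPT=1 DPT=3671
""".splitlines()


def is_local(addr):
    """True if addr lies in one of the assumed local/VPN ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in LOCAL_NETS)


def public_knx_sources(lines):
    """Count packets to port 3671 per (source, protocol) from non-local IPs."""
    hits = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") != str(KNX_PORT):
            continue
        try:
            if is_local(fields.get("SRC", "")):
                continue
        except ValueError:
            continue  # malformed or missing SRC field
        hits[(fields["SRC"], fields.get("PROTO", "?"))] += 1
    return hits


if __name__ == "__main__":
    for (src, proto), n in public_knx_sources(SAMPLE_LOG).most_common():
        print(f"{src} {proto}/{KNX_PORT}: {n} packet(s) from a public address")
```

Any entry in the result means a port forward or firewall rule is still letting public addresses reach 3671 and should be removed in favour of VPN access.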


RE: Problem with remote KNX programming on port 3671 - CristianAgata - 10.11.2021

(10.11.2021, 14:12)Erwin van der Zwart Wrote: For those who have missed the news article of knx.org: https://www.knx.org/knx-en/for-professionals/newsroom/en/news/Smart-Buildings-are-the-subject-of-cyber-attacks/index.php

What is missing in this message is what the hackers are doing at this moment, and why it is so critical to close port 3671 for public access.

Currently hackers are scanning for open ports to unprotected KNX installations, and when found they scan for all the bus devices from any brand/manufacturer and delete the programming of the device. Next to that, they enable the BCU password on the affected devices and make it impossible to re-program the device. In theory this means the device is locked and must be replaced.

As you understand, this brings high costs for labor and hardware, and the original latest programming must be available. Last week there were several cases I have heard of in different countries and different product ranges/manufacturers.

This is why we keep pushing for avoiding open ports, as this is a quick and dirty approach and puts you and your customers at high risk for these threats.

For remote access use appropriate measures like VPN and KNX IP Secure and move away from the dangerous port forwarding method!

Confirmed. Avoid opening port 3671 on the client router. It is very dangerous.


RE: Problem with remote KNX programming on port 3671 - puntukas - 22.11.2021

Hi,
I have LM in a local network behind the firewall and I made a custom port with restricted source IP that redirects to LM 3671.
However, it does not work - my i3pro application does not work from outside the network even though the fw shows all redirects are working properly.
What could cause the problem? Is there any way to check LM logs for KNX connections?
Thanks


RE: Problem with remote KNX programming on port 3671 - Erwin van der Zwart - 22.11.2021

Did you enable "NAT mode" in the ETS connection settings?


RE: Problem with remote KNX programming on port 3671 - Frank68 - 24.11.2021

(22.11.2021, 15:21)Erwin van der Zwart Wrote: Did you enable "NAT mode" in the ETS connection settings?

I have enabled it but it does not work.


RE: Problem with remote KNX programming on port 3671 - davidchispas - 11.01.2022

Hello, in LM devices with old firmware, would it be enough to uncheck the 'KNX IP Features' option, so that access via 3671 would be blocked?


RE: Problem with remote KNX programming on port 3671 - admin - 11.01.2022

Yes, disabling IP features is enough


RE: Problem with remote KNX programming on port 3671 - Daniel - 11.01.2022

Only if you use TP-UART mode. If Routing is selected then this is still enabled.


RE: Problem with remote KNX programming on port 3671 - YOUSSEF - 14.02.2022

(09.11.2021, 11:20)Daniel Wrote: This is blocked for security. In LM we have Zerotier which lets you connect securely. Contact SE support directly.

Even if LM is on DynDNS 3671 is blocked?


RE: Problem with remote KNX programming on port 3671 - admin - 15.02.2022

Dynamic DNS does not provide any kind of protection. It does not matter if it's a domain name or an IP address. Opening port 3671 is a security issue in any case.


RE: Problem with remote KNX programming on port 3671 - Dan22 - 16.02.2022

There is no other way to connect to port 3671 other than via VPN, otherwise it is not possible?
I have a problem on my computer with an L2TP connection, it is disabled by WIN-10. I've already gone through what, no change in settings has helped, not even in the registers.


RE: Problem with remote KNX programming on port 3671 - Daniel - 16.02.2022

Have you tried ZeroTier? It is not VPN strictly speaking.


RE: Problem with remote KNX programming on port 3671 - Dan22 - 16.02.2022

I haven't tried zero tier, there is a guaranteed guide somewhere, I would not like to go to LM at the customer's

Daniel,
Thanks for the advice, ZT works.