peterw wrote: > Aesculus;372658 Wrote: > >> Security is not a problem. I have the net firewalled and do not allow >> any incoming connections outside the firewall to that IP address. >> >> Keep in mind that the Net interface is not using the Denon Web >> controller, but the underlying control language (serial) via the IP >> interface. It also allows for 2-way functions which IR cannot do. >> > > A perimeter firewall won't fully protect you. The attacker doesn't need > direct access to the Denon; the attacker would use your web browser to > attack it. It looks like the Denon web interface -- unless you have a > device *inside* your network blocking web requests from devices *inside > your own network*, or unless you can actually disable it -- is > vulnerable to CSRF and probably DNS Rebinding attacks. If your PC can > connect to port 80 on the Denon, you're probably at risk. CSRF has been > well understood for at least 7 years now; DNS Rebinding for a bit over > one year. From what I've seen, the Denon developers didn't defend > against either attack.
Come on, what's the likelyhood and the possible damage? The attacker would need to know the IP address the Denon was on and - of course - that you have one connected in the first place. You can be too paranoid. Regards, Peter _______________________________________________ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
