14. Nmap scan report for 192.168.XXX.XXX
Host is up (0.014s latency).
Not shown: 65510 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
7504/tcp open unknown
7533/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49159/tcp open unknown
49160/tcp open unknown
49163/tcp open unknown
15.
16.
17. Nmap scan report for 192.168.XXX.XXXX
Host is up (0.0019s latency).
PORT STATE SERVICE
80/tcp open http
5060/tcp open sip
18.
19.
20. Nmap scan report for 192.168.XXX.XXX
Host is up (0.017s latency).
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
515/tcp open printer
5358/tcp open unknown
9090/tcp open zeus-admin
9100/tcp open jetdirect
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
21.
22.
23. Nmap scan report for 192.168.XXX.XXX
Host is up (0.024s latency).
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
515/tcp open printer
5358/tcp open unknown
9090/tcp open zeus-admin
9091/tcp open xmltec-xmlmail
9100/tcp open jetdirect
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
24.
25.
26. Nmap scan report for 192.168.XXX.XXX
Host is up (0.019s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp open https
4352/tcp open unknown
5120/tcp open unknown
5357/tcp open wsdapi
7142/tcp open unknown
7145/tcp open unknown
7146/tcp open unknown
7200/tcp open fodms
7201/tcp open dlip
41794/tcp open crestron-cip
32. Nmap scan report for 192.168.1.XXX
Host is up (0.0057s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE
80/tcp open http Linksys E4200 WAP http config
139/tcp open netbios-ssn Samba smbd 3.X
445/tcp open netbios-ssn Samba smbd 3.X
51000/tcp open unknown
MAC Address: C0:C1:C0:XX:XX:XX (Cisco-Linksys)
33.
34.
35. Nmap scan report for 192.168.1.XXX
Host is up (0.0028s latency).
Not shown: 65527 closed ports
PORT STATE SERVICE
22/tcp open ssh OpenSSH 5.8p1-hpn13v11 (protocol 2.0)
80/tcp open http Apache httpd 2.2.22 ((Unix))
161/tcp open snmp?
515/tcp open printer?
548/tcp open afp?
631/tcp open ipp CUPS 1.4
5000/tcp open http Apache httpd 2.2.22 ((Unix))
5432/tcp open postgresql PostgreSQL DB 8.3.9 - 8.3.11
MAC Address: 00:11:32:XX:XX:XX (Synology Incorporated)
36.
37. Nmap scan report for 192.168.1.XX
Host is up (0.13s latency).
All 65535 scanned ports on 192.168.1.XX are closed
MAC Address: 18:B4:30:XX:XX:XX (Nest Labs)
38. SSL Certificate
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Nest Labs, Inc., CN=Nest Private
Server Certificate Authority
Validity
Not Before: Aug 14 00:46:40 2012 GMT
Not After : Aug 14 00:46:40 2013 GMT
Subject: C=US, O=Nest Labs, Inc.,
CN=devices.nest.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
44. Nmap scan report for 192.168.1.XXX
Host is up (0.027s latency).
All 65535 scanned ports on 192.168.1.XXX are closed
MAC Address: 00:1C:BE:XX:XX:XX (Nintendo Co.)
45.
46. SSL Certificate
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Washington, O=Nintendo of America
Inc, OU=NOA, CN=Nintendo CA/
emailAddress=ca@noa.nintendo.com
Validity
Not Before: Mar 28 19:07:13 2008 GMT
Not After : Mar 26 19:07:13 2018 GMT
Subject: C=US, ST=Washington, L=Redmond,
O=Nintendo, CN=*.shop.wii.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
49. Nmap scan report for 192.168.1.XXX
Host is up (0.0065s latency).
Not shown: 65530 closed ports
PORT STATE SERVICE
3689/tcp open daap Apple iTunes DAAP 11.0.1d1
5000/tcp open rtsp Apple AirTunes rtspd 160.10
7000/tcp open http Apple AirPlay httpd
7100/tcp open http Apple AirPlay httpd
62078/tcp open tcpwrapped
MAC Address: 70:56:81:XX:XX:XX (Unknown)
50. SSL Certificate
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
OU=Terms of use at https://www.verisign.com/rpa (c)06,
CN=VeriSign Class 3 Extended Validation SSL SGC CA
Validity
Not Before: Oct 2 00:00:00 2012 GMT
Not After : Oct 2 23:59:59 2013 GMT
Subject: 1.3.6.1.4.1.311.60.2.1.3=US/
1.3.6.1.4.1.311.60.2.1.2=California/
businessCategory=Private Organization/
serialNumber=C0806592, C=US/postalCode=95014,
ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple
Inc., OU=iTMS Engineering, CN=p2-buy.itunes.apple.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
54. Nmap scan report for 192.168.1.XXX
Host is up (0.0031s latency).
Not shown: 65525 closed ports
PORT STATE SERVICE
23/tcp open telnet?
80/tcp open http GoAhead-Webs embedded httpd
443/tcp open ssl/http GoAhead-Webs httpd
1024/tcp open rtsp Apple AirTunes rtspd 103.2
5000/tcp open upnp?
5001/tcp open commplex-link?
6666/tcp open tcpwrapped
8080/tcp open http-proxy?
10100/tcp open unknown
15555/tcp open unknown
MAC Address: 00:05:CD:XX:XX:XX (Denon)
55. SSL Certificate
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=Kanagawa, L=Kawasaki-ku,Kawasaki-shi,
O=D&M Holding Inc., OU=Denon Brand Company,
CN=firmware.denon.jp/emailAddress=dpms-master@denon.co.jp
Validity
Not Before: Jan 14 07:37:43 2009 GMT
Not After : Jan 9 07:37:43 2029 GMT
Subject: C=JP, ST=Kanagawa, L=Kawasaki-ku,Kawasaki-shi,
O=D&M Holding Inc., OU=Denon Brand Company,
CN=firmware.denon.jp/emailAddress=dpms-master@denon.co.jp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
60. Nmap scan report for 192.168.1.XXX
Host is up (0.0024s latency).
All 65535 scanned ports on 192.168.1.XXX are closed
MAC Address: 00:1D:BA:XX:XX:XX (Sony)
68. DRAG + DROP
IMAGE HERE
http://w3.usa.siemens.com/buildingtechnologies/us/en/integrated-solutions/command-and-control/Pages/command-and-control.aspx
72. BIG PROBLEMSWITH CONNECTED DEVICES
Lots of exposed services
Pwnable firmware update mechanisms
Low end-user visibility that something is fishy
How will you know if a device gets hacked?
Manufacturer abandonment
How long will manufacturer keep device current?
74. ADMINISTRATORS
Apply patches to all connected devices
Some devices need a manual <click>
Segment your network
SIP phones don’t need to talk to your source code management server
Monitor internal netflows
Perimeter defenses are helpful
Make sure you trust your Internet connection
75. DEVELOPERS
Use SSL
Validate certificate chaining to a trusted root
Use modern crypto
Digitally sign firmware
Penetration-test your devices
Harden your update servers
Apache/2.2.3 (Red Hat) DAV/2 mod_auth_pgsql/2.0.3 mod_python/
3.2.8 Python/2.4.3 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 SVN/
1.6.11 mod_perl/2.0.4 Perl/v5.8.8