Unless you are John Podesta or Hillary Clinton, I wouldn’t be too concerned about Putin hacking into your Tablo and watching 50-year-old episodes of Batman.
Consumers have bought millions of Rokus, Apple TVs, Fire TVs, routers, power link adapters, etc. Many times they try to save a few dollars by purchasing products designed, programmed, and manufactured by Chinese companies, some of which may be partially owned by the Communist Party or military. With all of these millions of devices, it’s hard to believe script kiddies are targeting a product with such a small customer base. The electronics in the modern car or thermostat would be a better target.
Too bad you would be wrong. Script kiddies don’t target anything specific. They go against anything they can find. Origin and popularity of the product are not relevant. If they find it in a network scan, they throw their scripts at it and see what sticks.
That said, I’m not worried about port 23 because I explicitly block it on my home firewall both in and out. You would have to be hacking from inside my network to get at that port. At that point I have bigger problems than you messing with my PVR.
I agree. But having been in IT since forever, one strange thing is that the number of attacks has actually decreased. It used to be that the time from new IP to first attack was hours, then it went down to minutes… and now it’s back up to a longer period of time again. Perhaps it’s not as “interesting” as it once was? Just an observation.
8887 is the port used by the Tablo web interface (it’s http, so you can run a sniffer and see what it’s doing).
18080 exists for 3rd-party apps (used by the Plex app, I’m told). Also used by my own script to pull down video files for offline storage. Try http://your_tablo_ip:18080/pvr/ with a web browser.
There are a number of sites that consistently probe ports. CERT knows of these. One being a Chinese “university”. The number and sophistication of attacks on commercial sites in the U.S. used to increase at the holiday season, especially Christmas, because a lot of workers are on holiday and out of town. In India at various important holidays.
Scary thought and I’d like to say “Ahem, no!” But with all the vendors building ring zero things and other backdoors into our systems, I guess you never know anymore.
While the TCP header may be purposely constructed with spoofed and illegal field combinations, it would be pretty hard for a packet to traverse its way through all the various routers without one. So they are probably visible.
A more simple and fun thing to do is violate the TCP/IP protocol.