Type: Driver
File Name: digi_one_29696.zip
File Size: 38.6 MB
56 (4.2)
Downloads: 42
Supported systems: Windows Vista (32/64-bit), Windows XP (32/64-bit), Windows 8, Windows 10
Price: Free* (*Free Registration Required)

Download Now

This presentation was drawn from research that tried to determine how prevalent and exposed internet-connected serial port servers are.

  • Ethernet Enable Any Industrial Device Digi International
  • Multi-Protocol Conversion Capabilities for Automation Integration Digi International
  • Digi One RealPort
  • Compact Serial Server

The results were pretty scary - authentication was rarely implemented and the types of devices exposed ranged from corporate VPN servers to traffic signal monitors. Digi One RealPort POST post attempts to summarize that presentation, but the deck itself has more details. If you are unfamiliar with serial port servers or looking for some additional background, please Digi One RealPort POST the FAQ. These devices serve three primary functions Provide remote access to non-networked equipment such as environment controls, industrial automation, and monitoring systems.

Provide remote access, location tracking, and monitoring of physically mobile systems, including vehicles and cargo containers. Provide out-of-band access to network and power equipment for the purpose of recovery in the case of an outage. A typical serial port server is a box the size of a home router with one or Digi One RealPort POST serial ports on one side and an ethernet, wireless, or mobile interface on the other. The serial port is connected to a target device, such as a router, server, or industrial control system, and the serial port server is configured to allow remote access to this port. Some examples of serial port servers Digi One RealPort POST shown below. Authentication There are three common ways for a user to access a remote serial port They login via telnet, ssh, or the web interface and directly type commands on the serial device.

Compact Serial Server Digi International

They connect to a specific TCP port that acts as a proxy for the serial port, Digi One RealPort POST immediate access to the serial device. They configure vendor-specific software to access the serial port over a proprietary protocol. In the first case, the serial port server requires some form of authentication before the user can interact with the serial-connected device. The most secure method is over a SSH Digi One RealPort POST, but unless the attacker can eavesdrop on your connection, even telnet will do in a pinch. In the second case, this is typically a clear-text TCP connection, accessed using the telnet command, and without any imposed authentication by the serial port server.

If the serial-connected device requires authentication to access the serial console, this is the only layer of defense. The third case is usually identical, however some protocols RealPort can be configured to use both encryption and shared key authentication.

In practice, however, these are mostly clear-text and unauthenticated as well. In summary, we have a serial port exposed directly to the network.

Digi One SP

If the serial port is connected to a device that requires authentication, such as a Linux server, or a Cisco IOS router, it is theoretically protected from unauthorized access unless the attacker knows the correct password. Many serial devices do not require authentication and Digi One RealPort POST assume that if you are physically connected to a serial port, you probably have the right to configure the system.


Serial port servers change the authentication model in two significant ways. First, the concept of trusting a physical port goes out the window when that port is exposed to the internet, especially without an initial layer of authentication. Second, there is a significant difference between a SSH or telnet session and an Digi One RealPort POST serial console. If the user disconnects from SSH or telnet, the session is closed.

Serial Offenders: Widespread Flaws in Serial Port Servers

This is not the case with serial consoles unless the device automatically logs out Digi One RealPort POST to Digi One RealPort POST. Very few systems support inactivity timers on serial consoles Cisco is one of the exceptions. An attacker just has to wait for a valid user to authenticate. Once logged in, the attacker can either hijack the serial port connection or wait for them to become idle and then steal a pre-authenticated shell on the target device. The end result is that both the TCP proxy and proprietary access protocols lead to a situation where most of the serial ports they expose either require no authentication for an attacker to access.

Allied Data Bausch DIGI_V64Easy Serial-to-Ethernet Connectivity
AMD Radeon HD 7340Quick Cookie Notification
Aopen EPC945GT-m8 Realtek HD AudioMulti-Protocol Conversion Capabilities for Automation Integration
Brother MFC-5860CN ControlCenter3Ethernet Enable Any Industrial Device

The Digi One SP serial server provides reliable and cost-effective network TCP/UDP connections or Digi's patented RealPort® COM port redirector for Digi One RealPort POST. Digi's RealPort software works with the Digi CM, Digi One, PortServer II. RealPort driver with serial printers, you have to reboot the system after device.


Other Drivers