What to do if Your LAN-520 Gets Hacked


1.0 Introduction

If the LAN-520 channel 1 port number has been changed to 1234, this is highly indicative that the device has been hacked. The default value for the port number is 10001. This is the number that identifies the channel for remote initiating connections. The valid range is 1-65535, except for the following reserved numbers.

Port Numbers     Reserved For
1-1024           Reserved (well known ports)
9999             Telnet setup
14000-14009      Reserved for Redirector
30718            Reserved (77FEh)

Note: Keri Systems strongly recommends that you not use any of the reserved port numbers for this setting as incorrect operation will likely result.

In addition, Keri also strongly recommends setting a Telnet/Web Configuration password on the LAN-520 to reduce the possibility of the device being hacked.


If your LAN-520 has been hacked, the first thing you will need to do is physically go to the device and perform a factory reset.

Note: The factory reset procedure only applies to the LAN-520 AES module. The much older LAN-520 and LAN-520X modules do not have the reset pins, so if one of these units is hacked it will most likely need to be replaced.

2.0 LAN-520AES Factory Reset

Perform the following steps to reset the LAN-520AES unit to its factory default settings:
  1. Power the unit OFF.
  2. Place a jumper across the Factory Default Jumper pins.
  3. Power the unit ON – this resets the LAN-520AES unit.
  4. Power the unit OFF.
  5. Remove the jumper from the Factory Default Jumper pins.


3.0 Re-Configure the Unit

Follow the steps in the LAN-520 Quick Start Guide to configure the unit again.


4.0 Set a Telnet/Web Manager Password

Keri Systems strongly recommends setting a password on the LAN-520 (to prevent unauthorized connections to the module).

Note: The following steps require Telnet to be enabled on the host PC.
  1. Double-click the LAN-520 device listed in Lantronix Device Installer.
  2. Select the Telnet tab and then click on the CONNECT button.
  3. As soon as the Telnet sign-on screen appears, press <Enter> to go into the LAN-520X Setup mode. There is a two to three second window in which you must press <Enter> before the Telnet session automatically closes. If the Telnet session closes before you enter Setup mode (if nothing happens when you press <Enter>), simply click the button to establish the connection.
  4. Once Telnet connects with the LAN-520, all current configuration information is displayed and the cursor is placed at the “Your choice” field.
  5. Enter 0 to go into the device's server settings.
  6. Enter through the list of options until you see: 'Change Telnet/Web Manager Password'.



  7. Enter Y for Yes, then press <Enter>.
  8. Input the password you wish to assign to the device.
Note: If you forget or lose the LAN-520 assigned password you will need to perform a factory reset on the device (see section 2.0).

5.0 Apply Additional Security Settings

You can change security settings via Telnet or serial connections only, not on the Web-Manager.
  1. Perform a Telnet connection to the LAN-520.
  2. From the device main menu screen, enter the number 6 to access the device security settings.


Note: We recommend that you set security over the dedicated network or over the serial setup. If you set parameters over the network (Telnet 9999), someone else could capture these settings.

Caution: Disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network.

Disable SNMP
This setting allows you to disable the SNMP protocol on the unit for security reasons.

SNMP Community Name
This setting allows you to change the SNMP community name. Community name is a required field for NMS to read or write to a device. The default setting is public. The name is a string of 1 to 13 characters.

Disable Telnet Setup
Note: If you choose to disable this option, please note that disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network. This setting defaults to the N (No) option. The Y (Yes) option disables access to Setup Mode by Telnet (port 9999). It only allows access locally via the web pages and the serial port of the unit.

Disable TFTP Firmware Upgrade
This setting defaults to the N (No) option. The Y (Yes) option disables the use of TFTP to perform network firmware upgrades. With this option, you can download firmware upgrades over the serial port using DeviceInstaller’s Recover Firmware procedure. (See Serial Port Recovery Procedure on page 5-3.)

Disable Port 77FE (Hex)
Note: If you choose to disable this option, please note that disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network.
Port 77FE is a setting that allows DeviceInstaller, Web-Manager, and custom programs to configure the unit remotely. You may wish to disable this capability for security purposes. The default setting is the N (No) option, which enables remote configuration. You can configure the unit by using DeviceInstaller, web pages, Telnet, or serial configuration. The Y (Yes) option disables remote configuration and web sites. Note: The Yes option disables many of the GUI tools for configuring the unit, including the embedded Web-Manager tool.
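
The checks from sections 1.0 and 5.0 as a script, added here as an example and not Keri or Lantronix code: it classifies a configured channel 1 port against the reserved-number table and the 1234 indicator, then tests whether TCP 1234 and Telnet setup (9999) accept connections on a device you administer. The function names, the `telnet_setup_disabled` flag and the reading of an open TCP 1234 as a changed channel port are assumptions of the example.

```python
import socket

DEFAULT_CHANNEL_PORT = 10001   # factory default (section 1.0)
HACK_INDICATOR_PORT = 1234     # value the article treats as a sign of a hack
TELNET_SETUP_PORT = 9999       # Telnet setup port (section 5.0)
# Reserved numbers from the article's table, as inclusive ranges.
RESERVED = [(1, 1024, "well known ports"), (9999, 9999, "Telnet setup"),
            (14000, 14009, "Redirector"), (30718, 30718, "77FEh")]


def classify_channel_port(port):
    """Classify a configured channel 1 port number using the article's rules."""
    if not 1 <= port <= 65535:
        return "invalid: outside 1-65535"
    # 1234 is in range and not reserved, so it must be checked explicitly.
    if port == HACK_INDICATOR_PORT:
        return "suspect: 1234 is highly indicative of a hacked device"
    for low, high, owner in RESERVED:
        if low <= port <= high:
            return f"reserved: {owner}"
    if port == DEFAULT_CHANNEL_PORT:
        return "ok: factory default"
    return "ok: custom value, confirm an administrator set it"


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_device(host, configured_port=DEFAULT_CHANNEL_PORT,
                 telnet_setup_disabled=False, probe=tcp_open):
    """Return a list of findings for one LAN-520 (empty list means clean).

    Assumption: configured_port comes from your own records, and an open
    TCP 1234 on the device means the channel port was changed to 1234.
    """
    findings = []
    verdict = classify_channel_port(configured_port)
    if not verdict.startswith("ok"):
        findings.append(f"configured port {configured_port}: {verdict}")
    if configured_port != HACK_INDICATOR_PORT and probe(host, HACK_INDICATOR_PORT):
        findings.append("TCP 1234 accepts connections: channel port may have been changed")
    if telnet_setup_disabled and probe(host, TELNET_SETUP_PORT):
        findings.append("Telnet setup (9999) is reachable but should be disabled")
    return findings
```

Call `audit_device("<device IP>", telnet_setup_disabled=True)` for each module after re-configuring it; any finding that mentions 1234 points back to the factory reset in section 2.0.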
