This is a security measure I have been using for over 10 years without really knowing if it is effective.
Objective: block an IoT device from any Internet access but still retain local access.
Will the following measures achieve this objective, or can this IoT device still find a way to call home or other?
Router:
- assign Non-Standard LAN/GATEWAY Address (Example: 192.168.0.96)
- netmask < 24bits (Example: 255.255.254.0)
IoT Device:
- assign Non-Standard port(s) (Example: 9250 instead of 80)
- assign Fixed IP Address (Example: 192.168.1.234)
- assign netmask = 24bits (Example: 255.255.255.0)
- set: gateway = dns1 = dns2 = device fixed IP (Example: all set to 192.168.1.234)
Expecting:
Inbound: scanners can't see devices on non-standard ports (router blocks all non-standard ports)
Outbound: IoT device won't be able to find a Gateway route because
a) points to itself as the gateway
b) a standard gateway of 192.168.1.1 doesn't exist
c) netmask would infer a gateway should exist within 192.168.1.1 - 254
Thanks in advance for any insight you can provide
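
Added example, not part of the original post: a small Python model of ordinary on-link/default-gateway forwarding, applied to the example addresses above, to show which destinations the device's static settings give it a next hop for. The helper names and the sample destinations are constructed for illustration, and the model assumes the device's stack actually follows its static IPv4 settings.

```python
import ipaddress

# Values taken from the post's examples.
DEVICE_IF = ipaddress.ip_interface("192.168.1.234/24")
DEVICE_GW = ipaddress.ip_address("192.168.1.234")       # gateway = dns1 = dns2 = own IP
ROUTER_IF = ipaddress.ip_interface("192.168.0.96/23")   # netmask 255.255.254.0


def next_hop(iface, gateway, dst):
    """Model a host's forwarding decision from its static configuration.

    Returns "on-link" if dst is inside the interface's subnet (delivered
    directly), "via <gw>" if a usable default gateway exists, or "no-route"
    if the gateway is missing, off-link, or the host's own address.
    """
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return "on-link"
    if gateway is None or gateway == iface.ip or gateway not in iface.network:
        return "no-route"
    return f"via {gateway}"


def two_way(a_if, a_gw, b_if, b_gw):
    """True only if both hosts have a forwarding path to each other."""
    return (next_hop(a_if, a_gw, b_if.ip) != "no-route"
            and next_hop(b_if, b_gw, a_if.ip) != "no-route")


def report():
    # Constructed destinations: a peer in the device's /24, a peer in the
    # lower half of the router's /23, the router itself, and a public-style
    # address from the TEST-NET-3 documentation range.
    dests = ["192.168.1.50", "192.168.0.50", str(ROUTER_IF.ip), "203.0.113.10"]
    return {d: next_hop(DEVICE_IF, DEVICE_GW, d) for d in dests}


if __name__ == "__main__":
    for dst, hop in report().items():
        print(f"device -> {dst:15} {hop}")
    # The router's WAN default route is irrelevant here; only its LAN subnet matters.
    print("router -> device:", next_hop(ROUTER_IF, None, DEVICE_IF.ip))
    print("device <-> router:", two_way(DEVICE_IF, DEVICE_GW, ROUTER_IF, None))
```

Under this model only 192.168.1.x peers are reachable in both directions: the router and any 192.168.0.x host fall inside the router's /23 but outside the device's /24, so they can send to the device while the device has no next hop for its replies.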