How to avoid being intercepted by monitoring/patrolling service on corporate networks?

01 Jul 2015

As many of us are developing IoT devices that will be installed on corporate networks, I want to bring the titled matter to you guys' attention and see what measures we can take.

In many ways, the activity of an IoT device will be drastically different from regular web browsing. Many corporations/organizations employ certain monitoring measures, intercept suspicious activities, then shut down the associated Ethernet ports.

This happened to one of my testing units that is installed in an organization. It is a freezer monitoring system based on mbed. The way it works is, it constantly calls back to my servers via an Ethernet port. During certain periods of time, the system works perfectly fine. During certain other periods of time (mostly business hours), the device will completely go nuts. It tries to call back to my server a few times, then gets stuck, then is rebooted by the watchdog timer. This goes on and on. This will usually go away during night hours and over weekends. Being intercepted by network patrolling is my primary suspicion.

Please share your experience if you had similar ones. Any thoughts and comments are welcome too.

Thanks in advance.

01 Jul 2015

Is this nefarious social engineering? No answer to you is deserved, other than the obvious:

Before doing this on their network, meet and explain and show documentation, and your manager's approval, before using "their" network for unusual purposes. Are you using their DHCP server too?

Better yet, DON'T use their network. Set up your own isolated small LAN. Get your own little temperature chamber or refrigerator.

Most good enterprise networks have port scanners and other tools running to detect/stop DOS and berserk devices on the network.

No one here should help you try to defeat the protections.

01 Jul 2015

steve childress wrote:

No one here should help you try to defeat the protections.

Well said! I second that.