|Satellite modem traffic (in Mbytes) at 6 sites over a 4 month period|
The graph above shows monthly data usage at 6 sites using Galaxy Communications BGAN/M2M service. The same amount of data collected each month from each site, yet the usage in the first two months is 3-10 times greater than in the last two months. What gives?
One word - FIREWALL. During the first two months shown on the chart there was no firewall enabled which allowed any IP access to the modem. There was no real security vulnerability to the connected devices - the attached measurement controllers were not connected to any other infrastructure and there were no control capabilities built into them. What was really surprising was analyzing the packets to see what other IPs were accessing or trying to access the modems.
It was only through diligence and persistence of Eyasco employees that this was even discovered. It took many hours over several months polling through packet reports to determine the cause of the extra usage over that anticipated for data collection. Approximately 85% of the bandwidth usage without the firewall restricting traffic to a single IP is from "non-native" IPs. Good for the satellite company as this resulted in "Out-of-Bundle" usage fees of over $1000.
It bears repeating that while this level of extra-curricular traffic is huge and costly for the satellite modems - it would probably not even be noticed on a cellular modem. The satellite modems above have monthly plans of 2Mbytes each. We have a cellular plan that includes 250Mbytes for any number of modems and we rarely go over. It takes some serious IP camera viewing or web HMI viewing to jack the costs over the limit. Even then the penalty is on the order of $50 rather than $1000.
And the conclusion seems to be that there is a significant amount of effort being expended world-wide to hack into any public-facing unprotected access point!