My ION has a virus
- Thread starterDoubleXX
- Start date
z2oo
Active Member
The first thing someone would ask is why is your Ion connected to the internet or a network that isn't used exclusively for production lighting... If you really do have a virus, that's almost certainly how you got one in the first place (or someone stuck in a USB drive with something on it).
My question is this: does it really have a virus, or are your IT people seeing a bunch of crazy network traffic coming from it that they don't understand?
My question is this: does it really have a virus, or are your IT people seeing a bunch of crazy network traffic coming from it that they don't understand?
As well, typical ETC console and device IP addresses are like "10.101.100.101" or some variation, but almost always the 10.101 set. Most of the rest of the world uses IP's starting with "192.168" and so forth.
Unless you are on a defined IP for every device and don't follow the usual ETC range.
Thus I'd think the IT department is in error.
But is your Ion and network connected to another network ?, and if so, get it off the network. Or is there a WiFi router set to the 192.168 range and that's what they see ?.
As to virus's, most are some form of executable files requiring some form of user interaction and stupidity to launch. Ion's, Win XP and 7, as embedded OS's don't usually allow executable files to be launched, as it was explained to me when I was worried about getting a file off a USB whose files contained a lot of stuff it shouldn't have had.
It's not outside of the realm of possibility that's true, particularly if you have an earlier vintage that's still on XP, but it's more likely that they're getting traffic they aren't familiar with and it showed up in a packet trace. Among other reasons, this is why lighting and sound consoles are usually kept isolated off of house networks.
Before you go too far down a rabbit hole, I would ask for more specifics on how precisely they came to that conclusion. If it's just because they're seeing traffic they don't recognize, then you should rectify that to by getting the lighting systems on a dedicated VLAN segregated from everything else. You should also make sure that there are no unmanaged Layer 2 switches in the signal path for your console. Unmanaged Layer 2 switches take multicast packets (one packet stream getting offered up on the network for many possible receivers to subscribe to) and turn them into broadcast (any multicast packet stream on that switch gets regurgitated and sent out to every port and device on the network whether they want it or not -- "a broadcast storm"). At a minimum, you want Layer 2 Managed or Layer 3 switches to avoid this.
It's much more likely that streaming lighting data is fine but is getting broadcast out to corners of the network it isn't intended to, and not so likely that your Ion that is a very locked down version of Embedded Windows has a virus. There is the slimmest of possibilities if you're still running XP that a security vulnerabilities are being exploited by a virus because XP hasn't received security updates for a long time but it's highly improbable that's what you're encountering.
Before you go too far down a rabbit hole, I would ask for more specifics on how precisely they came to that conclusion. If it's just because they're seeing traffic they don't recognize, then you should rectify that to by getting the lighting systems on a dedicated VLAN segregated from everything else. You should also make sure that there are no unmanaged Layer 2 switches in the signal path for your console. Unmanaged Layer 2 switches take multicast packets (one packet stream getting offered up on the network for many possible receivers to subscribe to) and turn them into broadcast (any multicast packet stream on that switch gets regurgitated and sent out to every port and device on the network whether they want it or not -- "a broadcast storm"). At a minimum, you want Layer 2 Managed or Layer 3 switches to avoid this.
It's much more likely that streaming lighting data is fine but is getting broadcast out to corners of the network it isn't intended to, and not so likely that your Ion that is a very locked down version of Embedded Windows has a virus. There is the slimmest of possibilities if you're still running XP that a security vulnerabilities are being exploited by a virus because XP hasn't received security updates for a long time but it's highly improbable that's what you're encountering.
BillConnerFASTC
Well-Known Member
Malabaristo
Well-Known Member
Have your IT people call ETC and ask for Application Engineering (rather than regular phone support) with a description of what is making them suspicious. They could also just email a Wireshark capture and description of the problem to [email protected] for review.
As has been mentioned, it's very likely this is normal lighting traffic that they just need to contain to a lighting-only portion of their network. The console does run windows (either XP or 7 depending on age), but it's the embedded version, so it's stripped down and configured specifically to make it very robust. Getting a virus onto it in the first place would take a pretty intentional level of effort to accomplish.
Similar threads
