ION9000 Onboard Event Log - Ethernet Alarms

solutions_iems- · ‎2025-07-04

I have a customer who is seeing regular Ethernet alarms in the ION9000 meter event log.

The alarms are associated with FTP & Telnet for USER0 and appear to be triggered by the Front Panel (see attached).

Could an external IP be trying to access the ION9000 meter (hack)?

Thanks

Charles_Murison · ‎2025-07-04

A few items to note, FTP is only supported on very old firmware. Where possible I would recommend upgrading the meter to the latest firmware.

As for the events, User 0 is a catchall for unauthenticated communications. It is possible the customer's IT department is doing a kind of auto scans for specific ports. There are some options available to the customer.

A) disable the ports when not being used. FTP is used during upgrades to transfer the meter's web pages, or to collect COMTRADe files. If customer is not using COMTRADE files, FTP could be disabled unless doing firmware upgrades. Same with Telnet, the port could be disabled unless being used for a specific purpose (only common case I know of is troubleshooting).

B) Changing the ports to a different number from default, many scans will look for specific ports, if the meter is not using a default port the scan will not try to access the device.

Regards,

Charles

L4 Prime for Advanced metering and Utilities

See Answer In Context

Charles_Murison · ‎2025-07-04

Hello @solutions_iems- ,

A few items to note, FTP is only supported on very old firmware. Where possible I would recommend upgrading the meter to the latest firmware.

As for the events, User 0 is a catchall for unauthenticated communications. It is possible the customer's IT department is doing a kind of auto scans for specific ports. There are some options available to the customer.

A) disable the ports when not being used. FTP is used during upgrades to transfer the meter's web pages, or to collect COMTRADe files. If customer is not using COMTRADE files, FTP could be disabled unless doing firmware upgrades. Same with Telnet, the port could be disabled unless being used for a specific purpose (only common case I know of is troubleshooting).

B) Changing the ports to a different number from default, many scans will look for specific ports, if the meter is not using a default port the scan will not try to access the device.

Regards,

Charles

L4 Prime for Advanced metering and Utilities

ION9000 Onboard Event Log - Ethernet Alarms

ION9000 Onboard Event Log - Ethernet Alarms

This is a heading