DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2008-03-12 19:36:18

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Newbie and need lotsa help ...

Hi everybody, I'm new to this DNS323 and I need help to setup so that I can access files over the net. I was at the Wiki site and I'm really lost .... the more I read the confuse I am .... been asking around in those forums where I'm located but no one seems to bother what I asked ... sad sad and I also email to D-Link for help but their replies were all craps .... so I hope I can find some helps and answers here ....

1. what other software needed in order to access the DNS over the net ?
2. do I need a domain ?

I'm really lost now ....

Rgds
Max

Offline

 

#2 2008-03-12 23:14:02

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Newbie and need lotsa help ...

The answer is going to depend on what sort of access you want to have over the net.

You can access the DNS-323 over the internet with no additional software - it has a built-in ftp server and most of today's PCs include ftp client software as a part, either of the operating system or the internet browser.  This may or may not meet your needs, and you need to recognize that because ftp transmits login & password details in clear text, it is considered insecure.

Do you need a domain?  That depends - what do you mean by need a domain?  Do you need to register a domain, not necessarily - assuming that you are using some form of residential broadband internet service, you most likely have a dynamic (changing) ip address, and you can use the free dynamic DNS services DynDNS or D-Link's free DNS service to keep track of your ip address.

Offline

 

#3 2008-03-13 05:07:22

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

Hi fordem, thanks for your fast reply smile

yes you are right my broadband service using dynamic ip address smile so which is easier to setup ? I did signup free D-link DNS service but I don't know how it work sad is there any step by step guide ? I managed to map the HDD and that's where I stop .... next step I'm stuck sad

the dlinkdns info do I need to put into both router and nas ??

the attached picture red arrow pointing is that the link to access the nas ???

Last edited by maxyeo (2008-03-13 06:13:04)


Attachments:
Attachment Icon dlinkddns.jpg, Size: 53,025 bytes, Downloads: 241

Offline

 

#4 2008-03-13 14:51:53

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Newbie and need lotsa help ...

maxyeo - I have not used the D-Link dynamic DNS service myself, so I can't comment on how it works, but it does look like that link should point to your dynamic ip address - when I ping it I get no response, but it appears to be registered to an ISP in Singapore.

Now - that is only half the equation (so to speak), you have a URL that points to your ip address, you need to setup your network - you need to forward the appropriate port (21 for ftp) through your firewall to the DNS-323.

I will remind you again that ftp is considered insecure and unless you take appropriate steps to secure your system before putting it on the public internet, you may end up with it being used by other people for their own purposes.

Offline

 

#5 2008-03-13 18:48:03

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

Hi fordem, when I point to the address it open the page to modify host ... and not the nas ? I already set the port forwarding to port 21 for ftp so what am I suppose to do next ? and since ftp is insecure what other ways can I use to access the nas ??? and thanks again fordem for your help smile

Offline

 

#6 2008-03-13 20:00:27

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Newbie and need lotsa help ...

maxyeo - what are you trying to do ?

You said there are some files on your DNS323, and you want to be able to access them from the internet, but maybe you could give more details.

How do you want to access it? From your mobile phone? From your laptop via a Wifi hotspot? From someone elses computer? From some other "internet device"?

What kind of files? Excel spreadsheets? Database files? Web pages? Disk backups? Videos and music?

Is the information confidential? Do you need to stop others from seeing it? Or are you trying to publish the information so that anyone can see it?

Do you want to be able to write new data on to your DNS323 from the internet or just read the files?

Do you want anyone to be able to store files on your DNS323, noone, or just you?

What other equipment are you using, for example to connect the DNS323 to the internet - a broad band router?

Do you know what the IP address of your DNS323 is on your internal network is? Do you know how it got that address? Does your internal network use dynamic addresses? You'll probably want to set up the network so that the DNS323 always gets the same address.

BTW, looks like you've been trying to get the FTP stuff working - have you used FTP before?

Offline

 

#7 2008-03-13 20:19:51

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

sjmac wrote:

maxyeo - what are you trying to do ?

You said there are some files on your DNS323, and you want to be able to access them from the internet, but maybe you could give more details.

How do you want to access it? From your mobile phone? From your laptop via a Wifi hotspot? From someone elses computer? From some other "internet device"?

What kind of files? Excel spreadsheets? Database files? Web pages? Disk backups? Videos and music?

Is the information confidential? Do you need to stop others from seeing it? Or are you trying to publish the information so that anyone can see it?

Do you want to be able to write new data on to your DNS323 from the internet or just read the files?

Do you want anyone to be able to store files on your DNS323, noone, or just you?

What other equipment are you using, for example to connect the DNS323 to the internet - a broad band router?

Do you know what the IP address of your DNS323 is on your internal network is? Do you know how it got that address? Does your internal network use dynamic addresses? You'll probably want to set up the network so that the DNS323 always gets the same address.

BTW, looks like you've been trying to get the FTP stuff working - have you used FTP before?

Hi sjmac, thanks for replying my thread smile

1. I wanna access from laptop via Wifi and office PC, files will be photos and music mainly
2. Yes must be able to write new data from internet and only for me to store files
3. I'm using Netgear RangeMAX wireless router and DNS323 connected to it
4. I know the IP address of DNS323, the address was assign by the router ... my broadband is using dynamic and pc addresses assign by router
5. I did signup an account at www.dyndns.com and the DNS323 DDNS setting keep showing "Connecting"
6. I'm not so familar with FTP stuff ...

Max

Offline

 

#8 2008-03-13 23:27:25

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Newbie and need lotsa help ...

OK, here's some stuff that I know that might be helpful -- hopefully someone else can jump in and disagree or fill in the (big) gaps.

You have set up the dlinkddns account, and so you can use the URL that you posted a picture of to get to your home network. You need to have some service running at home to connect to though. If you want to use an out-of-the-box DNS323, you have two options: FTP, or a SMB/Windows shares. Because your DNS323 is hidden safely behind your home router, you will need to make a connection between your router and the DNS323. That is the port forwarding. The port or ports that you need to forward will depend on what services you want to expose to the internet.

FTP (File Transfer Protocol) is an ancient way to move files between computers. It is easy to snoop on the password that you use to get access and the data that you transfer if you are accessing your DNS323 from an untrusted network. (FTP is still useful in certain situations*.) As you say you'd like to access your files from wifi (public wifi, untrusted network, like a net cafe?), I'd say avoid FTP, but if you want to use it then you'll need to forward port 21 from your router to port 21 of the DNS323. Then in Windows Explorer type ftp://username@yourdlinkddnsaddress/ and if you are lucky  then you'll get to log in to your FTP server.

Accessing windows shares from the internet is also possible, and is probably more secure than FTP. Other people can advise on this, and what ports you'd need to forward. You would type \\yourdlinkddnsaddres\ to access your shares, and depending on what version of windows you use you might get the chance to type in the correct user name and password.

Personally, what I have done to access my files from my laptop when I'm away from home is set up a VPN (Virtual Private Network). My router has a VPN server built in, and that lets me connect to my home network securely from any other network. Any data that I send to the VPN server is hidden from the public network by encryption. That's easy for me to do, because my broadband router has a VPN server built in, but yours probably doesn't. (Check the manual - must have VPN server, not VPN  passthrough!)

Those are your only out of the box options. As this forum is essentially about making the DNS323 do things that DLink didn't design it to do, you do have some other options.

As you say you want to write to your disk, that rules out these two things mentioned on this forum recently:
http://dns323.kood.org/forum/t1827-ligh … S-323.html
http://dns323.kood.org/forum/t1132-Ligh … eamer.html

These set up web pages on your DNS323 with links to your files. You would forward port 80 from your router to your dns323 and access the files using a web browser (http://yourdlinkddnsaddress/).

You could install the OpenVPN software that some people have talked about here, and then set up your router to do VPN passthrough to your DNS323. That sounds tricky to me.

You could set up an ssh server on your DNS323 (dropbear?), forward port 22 (I think?? is that right?), and then use scp (Secure CoPy) to move files on and off of your DNS323. You can use a program like WinScp on Windows to do this. That's what I recommend for you, but unfortunately, I've never set up dropbear on the DNS323 :-(

What's your favourite options from that lot?

*I think FTP is still useful for anonymous public read access to files, or write-only access to a disk (never allow the public to read data that has been written anonymously by ftp).

Offline

 

#9 2008-03-14 00:50:11

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Newbie and need lotsa help ...

I would not suggest the sharing of files using SMB without some form of VPN

Offline

 

#10 2008-03-14 20:32:38

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

sjmac wrote:

OK, here's some stuff that I know that might be helpful -- hopefully someone else can jump in and disagree or fill in the (big) gaps.

You have set up the dlinkddns account, and so you can use the URL that you posted a picture of to get to your home network. You need to have some service running at home to connect to though. If you want to use an out-of-the-box DNS323, you have two options: FTP, or a SMB/Windows shares. Because your DNS323 is hidden safely behind your home router, you will need to make a connection between your router and the DNS323. That is the port forwarding. The port or ports that you need to forward will depend on what services you want to expose to the internet.

FTP (File Transfer Protocol) is an ancient way to move files between computers. It is easy to snoop on the password that you use to get access and the data that you transfer if you are accessing your DNS323 from an untrusted network. (FTP is still useful in certain situations*.) As you say you'd like to access your files from wifi (public wifi, untrusted network, like a net cafe?), I'd say avoid FTP, but if you want to use it then you'll need to forward port 21 from your router to port 21 of the DNS323. Then in Windows Explorer type ftp://username@yourdlinkddnsaddress/ and if you are lucky  then you'll get to log in to your FTP server.

Accessing windows shares from the internet is also possible, and is probably more secure than FTP. Other people can advise on this, and what ports you'd need to forward. You would type \\yourdlinkddnsaddres\ to access your shares, and depending on what version of windows you use you might get the chance to type in the correct user name and password.

Personally, what I have done to access my files from my laptop when I'm away from home is set up a VPN (Virtual Private Network). My router has a VPN server built in, and that lets me connect to my home network securely from any other network. Any data that I send to the VPN server is hidden from the public network by encryption. That's easy for me to do, because my broadband router has a VPN server built in, but yours probably doesn't. (Check the manual - must have VPN server, not VPN  passthrough!)

Those are your only out of the box options. As this forum is essentially about making the DNS323 do things that DLink didn't design it to do, you do have some other options.

As you say you want to write to your disk, that rules out these two things mentioned on this forum recently:
http://dns323.kood.org/forum/t1827-ligh … S-323.html
http://dns323.kood.org/forum/t1132-Ligh … eamer.html

These set up web pages on your DNS323 with links to your files. You would forward port 80 from your router to your dns323 and access the files using a web browser (http://yourdlinkddnsaddress/).

You could install the OpenVPN software that some people have talked about here, and then set up your router to do VPN passthrough to your DNS323. That sounds tricky to me.

You could set up an ssh server on your DNS323 (dropbear?), forward port 22 (I think?? is that right?), and then use scp (Secure CoPy) to move files on and off of your DNS323. You can use a program like WinScp on Windows to do this. That's what I recommend for you, but unfortunately, I've never set up dropbear on the DNS323 :-(

What's your favourite options from that lot?

*I think FTP is still useful for anonymous public read access to files, or write-only access to a disk (never allow the public to read data that has been written anonymously by ftp).

Hi sjmac & fordem,

Thanks again for the time and patient explaining and advices smile

Yes I think Accessing Windows Shares should be the one and I checked my router it doesn't support VPN server sad

I went to 2 links and read .... I'm lost ... sad ... is there anything that I juz dump it in and work straight away ??

which OpenVPN software which I use ??  what is ssh server ?? dropbear?? and SMB ?? am confused

Offline

 

#11 2008-05-26 20:41:53

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

sjmac wrote:

OK, here's some stuff that I know that might be helpful -- hopefully someone else can jump in and disagree or fill in the (big) gaps.

You have set up the dlinkddns account, and so you can use the URL that you posted a picture of to get to your home network. You need to have some service running at home to connect to though. If you want to use an out-of-the-box DNS323, you have two options: FTP, or a SMB/Windows shares. Because your DNS323 is hidden safely behind your home router, you will need to make a connection between your router and the DNS323. That is the port forwarding. The port or ports that you need to forward will depend on what services you want to expose to the internet.

FTP (File Transfer Protocol) is an ancient way to move files between computers. It is easy to snoop on the password that you use to get access and the data that you transfer if you are accessing your DNS323 from an untrusted network. (FTP is still useful in certain situations*.) As you say you'd like to access your files from wifi (public wifi, untrusted network, like a net cafe?), I'd say avoid FTP, but if you want to use it then you'll need to forward port 21 from your router to port 21 of the DNS323. Then in Windows Explorer type ftp://username@yourdlinkddnsaddress/ and if you are lucky  then you'll get to log in to your FTP server.

Accessing windows shares from the internet is also possible, and is probably more secure than FTP. Other people can advise on this, and what ports you'd need to forward. You would type \\yourdlinkddnsaddres\ to access your shares, and depending on what version of windows you use you might get the chance to type in the correct user name and password.

Personally, what I have done to access my files from my laptop when I'm away from home is set up a VPN (Virtual Private Network). My router has a VPN server built in, and that lets me connect to my home network securely from any other network. Any data that I send to the VPN server is hidden from the public network by encryption. That's easy for me to do, because my broadband router has a VPN server built in, but yours probably doesn't. (Check the manual - must have VPN server, not VPN  passthrough!)

Those are your only out of the box options. As this forum is essentially about making the DNS323 do things that DLink didn't design it to do, you do have some other options.

As you say you want to write to your disk, that rules out these two things mentioned on this forum recently:
http://dns323.kood.org/forum/t1827-ligh … S-323.html
http://dns323.kood.org/forum/t1132-Ligh … eamer.html

These set up web pages on your DNS323 with links to your files. You would forward port 80 from your router to your dns323 and access the files using a web browser (http://yourdlinkddnsaddress/).

You could install the OpenVPN software that some people have talked about here, and then set up your router to do VPN passthrough to your DNS323. That sounds tricky to me.

You could set up an ssh server on your DNS323 (dropbear?), forward port 22 (I think?? is that right?), and then use scp (Secure CoPy) to move files on and off of your DNS323. You can use a program like WinScp on Windows to do this. That's what I recommend for you, but unfortunately, I've never set up dropbear on the DNS323 :-(

What's your favourite options from that lot?

*I think FTP is still useful for anonymous public read access to files, or write-only access to a disk (never allow the public to read data that has been written anonymously by ftp).

Hi sjmac, sorry to bother u again .... rite now which router comes with vpn server ???

Offline

 

#12 2008-05-26 22:04:51

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Newbie and need lotsa help ...

I use a Linksys RV042 for my VPN.  I actually have it set up in parallel with my DIR-655.  I use the DIR-655 for all outbound traffic and I use the RV042 for inbound VPN traffic.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA

Offline

 

#13 2008-05-27 05:34:46

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

bq041 wrote:

I use a Linksys RV042 for my VPN.  I actually have it set up in parallel with my DIR-655.  I use the DIR-655 for all outbound traffic and I use the RV042 for inbound VPN traffic.

Thanks bq041 smile I'm also using DIR655 .... so the linksys RV042 easy to configure ?? will get 1 asap ... thanks again

Offline

 

#14 2008-05-27 06:36:31

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Newbie and need lotsa help ...

It is.  I tried another Linsys one (the SSL one) and I finally got corporate (after 3 months) to replace it with the RV042 because it woould not perform to their spec (15 Mbps was the spec, but the unit linked as an ISDN line limited to 64 kbps by design).  Anyway, they final replaced it with an RV042 and it works great.  Keep in mind, it will be very slow unless you have a symetric broadband connection.  Most ISPs limit upload bandwidth, so you will not get any faster than that.

Seting up like I have it, I just assigned it an IP address in my subnet and disabled the DHCP server.  My isp allows me 5 real IP addresses, so I have one for each of the 2 routers.  I have a DDNS account for the address on the VPN router so I can just type the URL.  Anyway, this is how I use the DIR for outgoing and I link the RV for VPN.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA

Offline

 

#15 2008-05-28 11:06:52

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

bq041 wrote:

It is.  I tried another Linsys one (the SSL one) and I finally got corporate (after 3 months) to replace it with the RV042 because it woould not perform to their spec (15 Mbps was the spec, but the unit linked as an ISDN line limited to 64 kbps by design).  Anyway, they final replaced it with an RV042 and it works great.  Keep in mind, it will be very slow unless you have a symetric broadband connection.  Most ISPs limit upload bandwidth, so you will not get any faster than that.

Seting up like I have it, I just assigned it an IP address in my subnet and disabled the DHCP server.  My isp allows me 5 real IP addresses, so I have one for each of the 2 routers.  I have a DDNS account for the address on the VPN router so I can just type the URL.  Anyway, this is how I use the DIR for outgoing and I link the RV for VPN.

Hi again, do you know wats the best setting to run DNS323 (FTP) on the DIR655 ??

set at virtual server for FTP or port forwarding ??

Offline

 

#16 2008-05-28 14:43:17

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Newbie and need lotsa help ...

Use virtual server, but I recommend turning it off when not in use.

Last edited by bq041 (2008-05-28 14:43:43)


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA

Offline

 

#17 2008-05-28 17:13:55

sjmac
Member
Registered: 2008-01-21
Posts: 222

Re: Newbie and need lotsa help ...

VPN Server (Virtual Private Network Server), sometimes also called a Virtual Private Network Endpoint. A "Virtual Server" is something different.

I get my internet connection using ADSL, so I have an ADSL Router with a VPN Server. You might get your internet using a cable modem so you would then just need a Broadband Router with VPN Server - make sure you get the type you need.

Here are a page of ADSL and (Cable) Broadband Routers:
http://www.dsl-warehouse.co.uk/Category … %20Routers

Offline

 

#18 2008-05-28 20:28:19

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

bq041 wrote:

Use virtual server, but I recommend turning it off when not in use.

oh .... unsafe to let it on ???

Offline

 

#19 2008-05-28 20:29:03

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Newbie and need lotsa help ...

sjmac wrote:

VPN Server (Virtual Private Network Server), sometimes also called a Virtual Private Network Endpoint. A "Virtual Server" is something different.

I get my internet connection using ADSL, so I have an ADSL Router with a VPN Server. You might get your internet using a cable modem so you would then just need a Broadband Router with VPN Server - make sure you get the type you need.

Here are a page of ADSL and (Cable) Broadband Routers:
http://www.dsl-warehouse.co.uk/Category … %20Routers

I could be misinterpreting you here, but, in this particular case, they're discussing a D-Link DIR655 router, and in this case D-Link uses the term virtual server to refer to what appears to be port forwarding and not virtual servers in the true sense of the term.  I have not used the DIR655 myself, but, on the D-Link routers that I have used, that's the way it was.

Offline

 

#20 2008-05-28 20:30:42

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

sjmac wrote:

VPN Server (Virtual Private Network Server), sometimes also called a Virtual Private Network Endpoint. A "Virtual Server" is something different.

I get my internet connection using ADSL, so I have an ADSL Router with a VPN Server. You might get your internet using a cable modem so you would then just need a Broadband Router with VPN Server - make sure you get the type you need.

Here are a page of ADSL and (Cable) Broadband Routers:
http://www.dsl-warehouse.co.uk/Category … %20Routers

sigh my old router when dead so I bought a new DLink DIR655 .... I din know VPN passthru and VPN server are 2 different thing ...... sad

Offline

 

#21 2008-05-28 21:19:26

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Newbie and need lotsa help ...

maxyeo wrote:

bq041 wrote:

Use virtual server, but I recommend turning it off when not in use.

oh .... unsafe to let it on ???

When enabled, it leave a direct incoming port open to the DNS all the time.  By turning it off when you won't be uning it, you close that door.  It's just a security thing -- no point in having open ports when they don't need to be.

fordem -- yes, you are exactly correct.

sjmac -- read the 5 posts before yours in order.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA

Offline

 

#22 2008-05-28 21:39:03

maxyeo
Member
Registered: 2008-03-12
Posts: 14

Re: Newbie and need lotsa help ...

bq041 wrote:

maxyeo wrote:

bq041 wrote:

Use virtual server, but I recommend turning it off when not in use.

oh .... unsafe to let it on ???

When enabled, it leave a direct incoming port open to the DNS all the time.  By turning it off when you won't be uning it, you close that door.  It's just a security thing -- no point in having open ports when they don't need to be.

fordem -- yes, you are exactly correct.

sjmac -- read the 5 posts before yours in order.

oh ..... so is there any safe way to let it on at the same time secure ???

Offline

 

#23 2008-05-28 22:22:12

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Newbie and need lotsa help ...

It all depends on your definition of secure.  Having any incoming ports open on a network a security risk.  It just depends on how much risk you are willing to accept.  For me, I like to close the ports when I'm not going to be using them, so they could only be expoited during the few times they are open.  Some people leave them open all the time.  FTP is inherently unsecure, as the login and password are sent in plain text.  If somebody picks that up, and you leave your port open, then they can have access. 

It is all about how much risk you are willing to accept.  Adding the VPN to the network is a much more secure way of connecting, but there are more costs involved.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA

Offline

 

#24 2008-05-28 23:51:20

mig
Member
From: Seattle, WA
Registered: 2006-12-21
Posts: 532

Re: Newbie and need lotsa help ...

bq041 wrote:

If somebody picks that up, and you leave your port open, then they can have access.

I think this might be understating the inevitability of an FTP password compromise.  It's not a "somebody"...
it is a computer program that "picks it up" the open port.  The computer program is running 24-7, systematically,
trying to find open ftp ports.  Then monitoring the traffic to the IP addresses with open ftp ports, and
scanning the traffic for the character string "password"

Almost instantly, as soon as you open up your ftp port to the internet, you ARE being watched.
Almost instantly, as soon as you connect to your ftp server, the password IS compromised.


DNS-323 • 2x Seagate Barracuda ES 7200.10 ST3250620NS 250GB SATAII (3.0Gb/s) 7200RPM 16MB • RAID1 • FW1.03 • ext2 
Fonz's v0.3 fun_plug http://www.inreto.de/dns323/fun-plug

Offline

 

#25 2008-05-29 01:34:26

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: Newbie and need lotsa help ...

mig wrote:

bq041 wrote:

If somebody picks that up, and you leave your port open, then they can have access.

I think this might be understating the inevitability of an FTP password compromise.  It's not a "somebody"...
it is a computer program that "picks it up" the open port.  The computer program is running 24-7, systematically,
trying to find open ftp ports.  Then monitoring the traffic to the IP addresses with open ftp ports, and
scanning the traffic for the character string "password"


Almost instantly, as soon as you open up your ftp port to the internet, you ARE being watched.
Almost instantly, as soon as you connect to your ftp server, the password IS compromised.

I'm no l33t h4ck3r but, I really don't think it's that easy.

It's one thing to scan for open ports, but to actually "scan" the traffic and trap my password you'd have to take control of a  strategically located system.  You're going to need to get a router to route my traffic to both you and I (which is easier said than done) or setup a MITM (man in the middle) attack on a network segment through which my traffic passes and then filter the traffic.  I would recommend that you get a very fast system, or else locate your trap as close to my end of the network (as in at my ISP and on my linecard in the DSLAM) as possible to minimize the sheer volume of traffic.

I'm not saying it can't be done, but I would guess that more ftp passwords are cracked through bruteforce (dictionary or similar) attacks than be actually scanning the traffic.

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB