DSM-G600, DNS-3xx and NSA-220 Hack Forum


#1 2007-03-01 18:03:22

Apskaft
Member
From: Karlskrona, Sweden
Registered: 2007-01-09
Posts: 165

Security Issue - Just FYI

Well, the DNS-323 has its security flaws I guess, and here's another one. Just for the fun of it I did a trace of the communication between the EasySearch utility and the DNS.

What happens when the EasyLink utility is started is that it multicasts, to port 13579, the following:

'01 f7 51 0e 2a d0 1c c0 a8 00 ac'

The DNS will then respond, on multicast, once again to port 13579, with its IP address and hostname:

Code:

0000   01 00 5e 00 00 01 00 19 5b 3e e3 51 08 00 45 00  ..^.....[>.Q..E.
0010   00 5b 00 00 40 00 01 11 d8 29 c0 a8 00 bf e0 00  .[..@....)......
0020   00 01 04 14 35 0b 00 47 da a9 02 f7 51 0e 2a d0  ....5..G....Q.*.
0030   1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 31  .......[>.Q....1
0040   00 00 32 35 35 2e 32 35 35 2e 32 35 35 2e 30 00  ..255.255.255.0.
0050   00 00 31 39 32 2e 31 36 38 2e 30 2e 31 00 11 00  ..192.168.0.1...
0060   00 00 03 00 00 00 4e 41 53                       ......NAS

The above is repeated three times. The next step, when selecting one DNS, is the following multicast:

'03 f7 51 0e 2a d0 1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 03 00 00 00 00 00 00'

To which the DNS responds:

Code:

0000   01 00 5e 00 00 01 00 19 5b 3e e3 51 08 00 45 00  ..^.....[>.Q..E.
0010   00 44 00 03 40 00 01 11 d8 3d c0 a8 00 bf e0 00  .D..@....=......
0020   00 01 04 14 35 0b 00 30 99 b0 04 f7 51 0e 2a d0  ....5..0....Q.*.
0030   1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 03  .......[>.Q.....
0040   00 00 0c 00 00 00 48 44 44 5f 31 3a 48 44 44 5f  ......HDD_1:HDD_
0050   32 3a                                            2:

That is, in the first step the DNS reports its IP address, and in the next it reports its mount points where it serves CIFS/SMB.

Then the bad part. When changing IP settings, the submitted password is sent in clear text on multicast - well done D-Link. Send my password to everyone!!! My admin password in this example is ssseee:

Code:

0000   01 00 5e 00 00 01 00 06 1b ca f0 3f 08 00 45 00  ..^........?..E.
0010   00 46 03 34 00 00 01 11 15 1e c0 a8 00 ac e0 00  .F.4............
0020   00 01 05 d2 35 0b 00 32 df f2 03 f7 51 0e 2a d0  ....5..2....Q.*.
0030   1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 04  .......[>.Q.....
0040   00 00 0e 00 00 00 61 64 6d 69 6e 55 aa 73 73 73  ......adminU.sss
0050   65 65 65 65                                      eeee

So, if you want to keep your admin password secret, stay off the EasySearch utility, or make sure you have not enabled multicast passthrough in your router.

And I think it's a bad idea to open the DNS-323 to the public. Keep it behind your firewall.


/Apan
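The three captures in the post are enough to decode the exchange end to end. The following is an added example, not code from the post or from D-Link: it strips the Ethernet, IPv4 and UDP headers, splits out the fixed EasySearch header that all three payloads share, and then decodes the body of each message. The byte values are copied verbatim from the dumps above; the field roles (the 6-byte token echoed from the request, the sub-type byte, the little-endian length prefix, the `55 aa` separator between username and password) are inferred from those three frames only and are labelled as assumptions in the code. The last function is the passive check a practitioner would actually want: feed it everything seen on 224.0.0.1/13579 and it returns any credentials that went past in the clear.

```python
"""Decode the EasySearch / DNS-323 multicast frames quoted in the post above."""
import struct
from dataclasses import dataclass

EASYSEARCH_PORT = 13579          # 0x350b in the dumps
ALL_HOSTS_MCAST = "224.0.0.1"    # e0 00 00 01: every host on the segment receives it

# The three frames exactly as dumped in the post (offset and ASCII columns stripped).
DISCOVER_REPLY = bytes.fromhex("""
01 00 5e 00 00 01 00 19 5b 3e e3 51 08 00 45 00
00 5b 00 00 40 00 01 11 d8 29 c0 a8 00 bf e0 00
00 01 04 14 35 0b 00 47 da a9 02 f7 51 0e 2a d0
1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 31
00 00 32 35 35 2e 32 35 35 2e 32 35 35 2e 30 00
00 00 31 39 32 2e 31 36 38 2e 30 2e 31 00 11 00
00 00 03 00 00 00 4e 41 53""")
SHARE_REPLY = bytes.fromhex("""
01 00 5e 00 00 01 00 19 5b 3e e3 51 08 00 45 00
00 44 00 03 40 00 01 11 d8 3d c0 a8 00 bf e0 00
00 01 04 14 35 0b 00 30 99 b0 04 f7 51 0e 2a d0
1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 03
00 00 0c 00 00 00 48 44 44 5f 31 3a 48 44 44 5f
32 3a""")
SET_CONFIG = bytes.fromhex("""
01 00 5e 00 00 01 00 06 1b ca f0 3f 08 00 45 00
00 46 03 34 00 00 01 11 15 1e c0 a8 00 ac e0 00
00 01 05 d2 35 0b 00 32 df f2 03 f7 51 0e 2a d0
1c c0 a8 00 ac 00 19 5b 3e e3 51 c0 a8 00 bf 04
00 00 0e 00 00 00 61 64 6d 69 6e 55 aa 73 73 73
65 65 65 65""")


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass
class EasySearchMsg:
    src_ip: str
    dst_ip: str
    dst_port: int
    opcode: int        # 1 and 3 come from the PC, 2 and 4 from the NAS (as seen in the captures)
    token: bytes       # 6 bytes the NAS echoes back from the request (assumed: a session/requester id)
    requester_ip: str  # IPv4 of the PC running the utility
    device_mac: str
    device_ip: str
    body: bytes        # everything after the fixed 21-byte header


def parse_frame(frame: bytes) -> EasySearchMsg:
    """Walk Ethernet II -> IPv4 -> UDP and split out the EasySearch header."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:total_len]
    _sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    if dport != EASYSEARCH_PORT:
        raise ValueError(f"not EasySearch (UDP/{dport})")
    p = udp[8:ulen]
    return EasySearchMsg(
        src_ip=_ip4(ip[12:16]), dst_ip=_ip4(ip[16:20]), dst_port=dport,
        opcode=p[0], token=p[1:7], requester_ip=_ip4(p[7:11]),
        device_mac=_mac(p[11:17]), device_ip=_ip4(p[17:21]), body=p[21:],
    )


def _length_prefixed(body: bytes) -> bytes:
    """Share-list and credential bodies: a sub-type byte, two zero bytes, a u32
    little-endian length, then that many bytes (layout inferred from the two dumps)."""
    (n,) = struct.unpack("<I", body[3:7])
    return body[7:7 + n]


def decode_discover_reply(msg: EasySearchMsg) -> dict:
    """Opcode 2: NUL-terminated ASCII runs. The two dotted quads are netmask and
    gateway, in that order in the capture; the final run is the hostname (inferred)."""
    runs = [s.decode() for s in msg.body.split(b"\x00")
            if s and all(32 <= c < 127 for c in s)]
    quads = [r for r in runs if r.count(".") == 3 and r.replace(".", "").isdigit()]
    return {"ip": msg.device_ip, "netmask": quads[0], "gateway": quads[1], "hostname": runs[-1]}


def decode_shares(msg: EasySearchMsg) -> list:
    """Opcode 4 / sub-type 3: colon-separated share names, trailing colon included."""
    return [s for s in _length_prefixed(msg.body).decode().split(":") if s]


def decode_credentials(msg: EasySearchMsg) -> tuple:
    """Opcode 3 / sub-type 4: username, 0x55 0xAA separator (assumed), password, all in the clear."""
    user, _, pw = _length_prefixed(msg.body).partition(b"\x55\xaa")
    return user.decode(), pw.decode()


def leaked_credentials(frames) -> list:
    """Passive check over captured frames: return (pc_ip, nas_ip, user, password)
    for every set-config message that was multicast to the whole segment."""
    hits = []
    for f in frames:
        try:
            m = parse_frame(f)
        except (ValueError, IndexError, struct.error):
            continue
        if m.opcode == 3 and m.body[:1] == b"\x04" and m.dst_ip == ALL_HOSTS_MCAST:
            user, pw = decode_credentials(m)
            hits.append((m.src_ip, m.device_ip, user, pw))
    return hits


if __name__ == "__main__":
    print(decode_discover_reply(parse_frame(DISCOVER_REPLY)))
    print(decode_shares(parse_frame(SHARE_REPLY)))
    print(leaked_credentials([DISCOVER_REPLY, SHARE_REPLY, SET_CONFIG]))
```

Two details worth noticing when you run it: the IP header of every frame carries TTL 1, so the traffic is confined to one broadcast domain unless a router is configured to forward multicast, which is exactly the "multicast passthrough" caveat in the post; and the password bytes in the dump decode to seven characters, so whatever was typed is recoverable by anyone on the segment with a sniffer.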
