Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
I have the FTP on my DNS-323 setup so I can access it from the internet, but it seems to be having alot of activity while I am at home and not using it. Also my internet cable modem show activity at the same time. Is there anyway my DNS-323 could tell me who is accessing it?
Offline
with telnet/ssh access you could probably do "cat var/log/messages", take a look at the wiki
Offline
One thing you should absolutely understand is that with the File Transfer Protocol your username and password are sent in cleartext - they are not encrypted in any way. That means that anybody intercepting your traffic between you and the DNS-323 will then have all they need to FTP to your router. Some would say that the odds of somebody intercepting this info are very low - they are wrong.
Have you ever logged in to your DNS-323 from a coffee shop using an open wifi access point? How about logging in from a friend's who uses open wifi. How about from wifi in a dorm? There are MANY ways (even logging in from an encrypted wifi point - WEP is notoriously easy to break) to capture this traffic. At this point, if you suspect that somebody is accessing it, you can either find out for sure, or just skip that and prevent it from happening in the future.
I am new to the DNS-323 (I haven't even received mine yet, much less set it up.), but I've found that it can be set up so you can access it through SSH at the very least. If you desire to access it from the internet, then I would AT LEAST look into that.
Offline
wrathofthepenguin wrote:
Some would say that the odds of somebody intercepting this info are very low - they are wrong.
That "somebody" pretty much has to be in one of the following four places to "capture" the required information.
1) On the same (W)LAN as the DNS-323 - AND - assuming a switched network as most are, either using a MITM attack or if the switch is managed, have access to the switch management
2) On the ISP network to which the DNS-323 LAN is connected - AND - with access to the ISP management systems, for what it's worth, ISP policy usually prohibits ISP personnel from packet capture of this nature.
3) On the same (W)LAN from which you are accessing the DNS-323 remotely - AND - assuming a switched network as most are, either using a MITM attack or if the switch is managed, have access to the switch management.
4) On the ISP network to which the remote LAN mentioned in (3) above is connected - AND - with access to the ISP management systems, for what it's worth, ISP policy usually prohibits ISP personnel from packet capture of this nature.
As you move further away from the end points listed above, the volume of traffic increases and the task of capturing the necessary traffic and filtering out the unwanted protocols becomes more & more challenging.
Yes, ftp (and also telnet) is insecure for the reasons mentioned above, but rather than create an atmosphere of "fud" - fear, uncertainty & doubt - I prefer to inform, so the end user can make an informed decision.
There are ways to limit your exposure - one of which is to user your firewall to limit the range of ip addresses from which it will accept an incoming ftp or telnet session.
A comment on the use of open wireless LANs at a coffee shop etc. - there is a lot more at stake than just your ftp user and password - pop3 user names & passwords are also sent clear text - unless your ISP allows encryption and you specifically configure it - I think significantly more people are likely to check their email than login to their ftp server.
As with everything else in life, there are dangers - even something as simple as crossing the street - the trick is to know where the dangers lie and how to deal with them, just as you teach folks to use the cross walk and to look both ways before crossing - look left, look right and then look left again - you can teach them to use the internet safely.
Last edited by fordem (2008-07-26 19:04:13)
Offline
Well, you're right to say that it's not good to create an atmosphere of "fud" but people should know the dangers of using unsecured WLANs. Point 3 is not exactly true. WLANs work by broadcasting through the air. Anybody can intercept these messages. They don't need a hub, a mirror port or whatever access to LAN infrastructure. Talking about an unsecured WLAN, you just need to sit there with your wifi receiver and capture the messages.
That's the reason why encryption is so important for wireless LAN. I know that a lot of public access points (at least here in Germany) are not secured by any encryption method or only use WEP. I wouldn't advise to use these for confidential transmissions except you are running a VPN tunnel over them.
It is quite unlikely that a hacker is interested in the personal data of a John Doo but you never know who might read your communications. ;-)
Hello Mr. Schäuble... ;-P
Offline
fordem wrote:
wrathofthepenguin wrote:
Some would say that the odds of somebody intercepting this info are very low - they are wrong.
That "somebody" pretty much has to be in one of the following four places to "capture" the required information.
1) On the same (W)LAN as the DNS-323 - AND - assuming a switched network as most are, either using a MITM attack or if the switch is managed, have access to the switch management
2) On the ISP network to which the DNS-323 LAN is connected - AND - with access to the ISP management systems, for what it's worth, ISP policy usually prohibits ISP personnel from packet capture of this nature.
3) On the same (W)LAN from which you are accessing the DNS-323 remotely - AND - assuming a switched network as most are, either using a MITM attack or if the switch is managed, have access to the switch management.
4) On the ISP network to which the remote LAN mentioned in (3) above is connected - AND - with access to the ISP management systems, for what it's worth, ISP policy usually prohibits ISP personnel from packet capture of this nature.
As you move further away from the end points listed above, the volume of traffic increases and the task of capturing the necessary traffic and filtering out the unwanted protocols becomes more & more challenging.
Yes, ftp (and also telnet) is insecure for the reasons mentioned above, but rather than create an atmosphere of "fud" - fear, uncertainty & doubt - I prefer to inform, so the end user can make an informed decision.
There are ways to limit your exposure - one of which is to user your firewall to limit the range of ip addresses from which it will accept an incoming ftp or telnet session.
A comment on the use of open wireless LANs at a coffee shop etc. - there is a lot more at stake than just your ftp user and password - pop3 user names & passwords are also sent clear text - unless your ISP allows encryption and you specifically configure it - I think significantly more people are likely to check their email than login to their ftp server.
As with everything else in life, there are dangers - even something as simple as crossing the street - the trick is to know where the dangers lie and how to deal with them, just as you teach folks to use the cross walk and to look both ways before crossing - look left, look right and then look left again - you can teach them to use the internet safely.
I'm kind of surprised that you feel I was somehow creating fud by stating the obvious. By telling the OP that he was using a protocol that is insecure and then suggesting that he use a more secure protocol I believe I meet your statement of "teach them to use the internet safely". While I agree that people are much more likely to check their email than access their ftp server, that's not the subject of the current thread. He's asking about somebody accessing his FTP server. If you feel we need to point out every insecure protocol/security issue that might he might be more at risk of when he's asking about a specific situation, well, feel free to list them for him. I'll stick to the question he asks.
To capture the data, one need simply be in one of the places that I mentioned. Wireless increases security risks - if it's open or secured by WEP, then it can be easily captured. Even if the data is not captured in the clear it can be captured and decrypted later at leisure. So, if you're sitting on a wireless network that's secured by WEP that connects to a switched network, the guy three rooms down can easily capture everything you do, even if he's never connected to the access point. And guess what. In most places what he's doing is legal, as long as he doesn't attack the network - all he has to do is passively capture the traffic. How many times have you used wired access in public places while you're away from home. In most cases, people use wireless, even when they're at their buddies house.
And if you think that ISPs prevent their personnel from capturing traffic, you are sorely mistaken. Not only is traffic routinely captured, it is often sent to several other places, sometimes to support, sometimes to traffic analysis shops, sometimes just stored on a flash drive. If I actually collected every username/password combination I've seen in traces I'd have hundreds.
I have not even touched on the various situations in which a server/network/PC has been compromised.
For the OP: If you believe your username/password have been compromised, change them, and look into using a secure protocol. Keep in mind this statement: The only time a computer is truly secure is when it's unplugged and locked in your closet. Assuming somebody is not in the closet with it. Definitely look at using a more secure protocol. If you believe you've been compromised, you may be right. It could have been simply a brute force attack on your DNS-323, but more likely, somebody captured it at some point. It really doesn't matter how it happened, what matters is stopping the access now and making it much more difficult in the future. Look into using a secure protocol, and if you don't know what's secure and what's not - definitely post and ask. There are a lot of people who will be willing to help you out.
One other thing - you may want to make a detailed examination of what's on your DNS-323. If somebody has been using it there could be a lot on there you are not aware of. I have seen several situations in which an enterprise public FTP server has been used for trading music, movies or worse.
Offline
wrathofthepenguin wrote:
I'm kind of surprised that you feel I was somehow creating fud by stating the obvious.
Don't be surprised. He's always able to find a way to patronize you regardless of how reasonable your argument and how arcane his response actually is.
Offline
There is one thing and one thing ONLY to use FTP for. Anonymous ftp servers for distributing public files.
Anything else is to beg for problems.
Offline