DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2008-11-23 04:36:43
- roadkyng
- Member
- Registered: 2008-11-19
- Posts: 8
If not ftp, then what?
I have read several posts here the ftp is not secure as the password is transmitted in cleartext. So what can be used to securely access the DNS-323 from the internet?
And what is the real issue with ftp? If the user is accessing the DNS-323 through a secure network (my workplace security is pretty stout) where is the weak point?
Offline
#2 2008-11-23 12:14:02
- silversurfer
- Member
- Registered: 2008-07-20
- Posts: 95
Re: If not ftp, then what?
The point is that the Internet is an insecure network. At any point that your data passes through somebody could capture this data and read any clear text information. Ask yourself the question if you would write down your online banking information on a postcard and send it somewhere else. Most certainly you would not do that and the same should apply to "keys" that unlock your personal data on the NAS.
FTP is good for providing access to public data, for example patches, firmware, freeware and so on but unless you consider your personal data "public" I wouldn't use ftp for it. Instead use secure ftp. Fonz supplies the package "vsftpd" for funplug 0.5 for example. Of course you will need to configure the package once it is installed to limit access to authorized users and keep out the anonymous user.
Another option is to use a VPN but for that you would need a VPN server.
You can use the ssh tunneling ability as well. That way you can establish a secure connection using ssh and tunnel some insecure protocol through it.
All of these options require configuration work but it's better to invest some time to secure your data than running an insecure configuration and complain about data that got lost, isn't it?
Offline
#3 2008-11-24 05:44:14
- roadkyng
- Member
- Registered: 2008-11-19
- Posts: 8
Re: If not ftp, then what?
Thanks for the reply.
I searched all over the funplug 0.5 and could not find the package 'vsftpd'. I am new to this and am learing all I can. Could you enlighten me on where it is?
Offline
#4 2008-11-24 06:01:11
- roadkyng
- Member
- Registered: 2008-11-19
- Posts: 8
Re: If not ftp, then what?
ok I found it here http://www.inreto.de/dns323/fun-plug/0. … kages/net/
One question - it appears the packages are all individual scripts or programs that so a certain thing. If I install funplug 0.5 does it install all these packages or do I cherrypick the ones I want?
Offline
#5 2008-11-24 08:04:03
- silversurfer
- Member
- Registered: 2008-07-20
- Posts: 95
Re: If not ftp, then what?
The packages are additional programs that you have to install seperately. Funplug itself contains only a few programs. If you take a look inside the "fun_plug.tgz" (winzip or something similar should be able to open the archive) you will see what it contains. Vsftpd is not a part of the standard funplug so you will have to download that package and install it manually. Check the Wiki if you need information about the installation of packages -> http://dns323.kood.org/howto:ffp
Offline