DSM-G600, DNS-3xx and NSA-220 Hack Forum


#1 2009-01-28 20:19:27

flofloryda
Member
Registered: 2009-01-28
Posts: 5

Interesting Issue

All,

Background:
No access to Volume_1 (I chmod'ed -R 444 /mnt/HD_a2).
I have full access to Volume_2 (/mnt/HD_a4)

Issue:
The only way to access my box WAS to ssh in with putty. I noticed my gf took down the firewall on Monday and now I have "Connection Refused" whenever I try to SSH into my box. I turned it off for now and I have no ideas on how to proceed. I am concerned someone may have had their way with it...

Please help. I would like to get back control :)

Thanks in advance for any help,

FLO


#2 2009-01-28 21:30:04

mig
Member
From: Seattle, WA
Registered: 2006-12-21
Posts: 532

Re: Interesting Issue

If your drives are not in RAID0 or JBOD, you can pull out the drives,
connect to XP (using EXT fsdriver) or Linux box and make a copy of
your data.  Then simply reformat your drive on the DNS-323 and
restore the data and ffp.


DNS-323 • 2x Seagate Barracuda ES 7200.10 ST3250620NS 250GB SATAII (3.0Gb/s) 7200RPM 16MB • RAID1 • FW1.03 • ext2 
Fonz's v0.3 fun_plug http://www.inreto.de/dns323/fun-plug


#3 2009-01-28 21:44:32

flofloryda
Member
Registered: 2009-01-28
Posts: 5

Re: Interesting Issue

Mig,

Thanks for your reply. I want to make your suggestion my last option.

After going through the forum for a while now, I decided I'll swap volume_1 with volume_2, reinstall ffp, and see where it takes me. I plan on doing this tonight unless someone suggests otherwise. (Volume 2 is just a copy of volume 1 sans ffp)

I am growing uneasy about the fact that the DNS was exposed for several hours to the internet... I have some confidential data on it, which would still be confidential if she didn't turn off the firewall... *SIGH*

Thanks again,

FLO

Last edited by flofloryda (2009-01-28 21:45:38)


#4 2009-01-29 05:54:59

flofloryda
Member
Registered: 2009-01-28
Posts: 5

Re: Interesting Issue

All,

I took out my Volume_1, plugged in Volume_2, installed ffp, started ssh, and when I tried to connect with Putty I received a "Connection Refused" error message again. ssh is definitely running... I am beginning to think the user/group sshd/utmp may be the issue?

Please, I am at your disposal to supply more information to help you help me solve this problem. I appreciate any suggestions.

Thanks in advance,

FLO


#5 2009-01-29 16:07:25

hell0
Member
From: .de
Registered: 2008-05-13
Posts: 81

Re: Interesting Issue

Delete the fun_plug file and the ffp dir, trigger a reset on the device, download a fresh fun_plug and ffp, copy them to the box and try to connect via telnet after installation.


CH3SNAS firmware 1.05 with WD1000FYPS and ffp 0.5 on USB Stick


#6 2009-01-29 19:45:08

flofloryda
Member
Registered: 2009-01-28
Posts: 5

Re: Interesting Issue

hell0,

How do you mean reset? A regular old reset/shutdown or a return to system defaults reset? Effectively, I reinstalled FFP from scratch since I took out my old Volume 1 where the FFP that was giving me trouble was housed and inserted a different disk unadulterated by ffp.

I would appreciate it if you could follow up on my question.

I was sitting here at work... and I was thinking if I should reinstall 1.05 or even upgrade to 1.06 to clean out the flash?

Obviously, I don't know very much about the inner workings of the DNS so any help is welcome.

Thanks again for any responses,

FLO


#7 2009-01-29 20:25:52

hell0
Member
From: .de
Registered: 2008-05-13
Posts: 81

Re: Interesting Issue

flofloryda wrote:

a return to system defaults reset?

Sorry for not being specific about that, do a reset to system default.

flofloryda wrote:

upgrade to 1.06 to clean out the flash?

I can't see any reason why not, upgrade to 1.06 and reset to system defaults afterwards.


Oh, and what do you mean by

the DNS was exposed for several hours to the internet...

? Since the DNS has only 1 ethernet port I guess it was behind some kind of router? Which services were running and accessible, how strong was your password for ssh/telnet, etc.

Last edited by hell0 (2009-01-29 20:30:32)


CH3SNAS firmware 1.05 with WD1000FYPS and ffp 0.5 on USB Stick


#8 2009-01-29 20:46:56

wirbel
Member
Registered: 2008-11-22
Posts: 20

Re: Interesting Issue

If /mnt/HD_b2 (volume2) is an actual copy of your data - only if - , you could simply

remove volume2 -> switch on and reformat volume1 -> switch off, reinsert volume2 -> switch on and reinstall ffp on volume1.

After that you could chmod volume2 to 755 or higher..

Last edited by wirbel (2009-01-29 20:48:34)


#9 2009-01-31 06:52:05

flofloryda
Member
Registered: 2009-01-28
Posts: 5

Re: Interesting Issue

Problem solved!

Here is what happened... Before this problem started, I had begun using chmod 444 on everything, just in case, to keep prying eyes away, and if I needed anything off the DNS with my Windows machine, I figured I would just chmod 777 and then back to 444 after I was done. Well, what I didn't realize is that if you chmod 444 .../start/sshd.sh and restart the DNS, ssh will not start since there are no execute privileges. I ended up following wirbel's suggestion and that's how I stumbled on the answer.

I certainly appreciate hell0, wirbel, and mig for your help. You guys all went back to the basics and as it turns out that's where the problem was.

I just wanna say that having a third copy stored away in a safety deposit box made this whole experience much less stressful :)

Thanks again,

FLO

Last edited by flofloryda (2009-01-31 06:53:48)
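
The failure described in the last post, reproduced on a throwaway directory, together with a check for start scripts that have lost their execute bit and a way to restrict access without clearing it. This is an added example, not part of the original thread; the function names and the temporary sample tree are constructed for illustration and do not reflect the NAS's real layout.

```shell
#!/bin/sh
# Added example: works on a constructed temp directory, not on real NAS paths.

# Print every *.sh file under DIR whose owner execute bit (octal 100) is
# missing. A start script in this state is not run at boot.
list_nonexec_scripts() {
    find "$1" -type f -name '*.sh' ! -perm -100 -print
}

# Remove all access for group and others, leaving the owner's bits alone,
# so scripts stay executable and directories stay traversable.
# (A recursive "chmod 444" also clears x on directories.)
lock_down() {
    chmod -R go-rwx "$1"
}

# Build a constructed sample tree: one start script and one data file.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/start" "$root/data"
    printf '#!/bin/sh\necho "sshd would start here"\n' > "$root/start/sshd.sh"
    printf 'confidential\n' > "$root/data/notes.txt"
    chmod 755 "$root/start/sshd.sh"
    chmod 644 "$root/data/notes.txt"
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    chmod 444 "$tree/start/sshd.sh"      # the change described in the thread
    echo "scripts without execute bit after chmod 444:"
    list_nonexec_scripts "$tree"
    chmod 755 "$tree/start/sshd.sh"      # repair the script
    lock_down "$tree"                    # restrict access, keep execute bits
    echo "scripts without execute bit after lock_down:"
    list_nonexec_scripts "$tree"         # prints nothing
    rm -rf "$tree"
}

demo
```

Running `list_nonexec_scripts` against the real start directory after any bulk permission change shows which services will fail to come up on the next reboot.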
