DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2012-11-11 12:36:51

maako
New member
Registered: 2012-11-11
Posts: 3

Expose NAS with dropbear to internet - risks / precautions?

Heyho,

I bought two ch3wnas pretty cheaply and use them for backup purposes. I am thinking about exposing one to the internet as a dropbear-ssh-fs.
I haven't installed dropbear yet. It seems to be the easiest solution.

1. The pre-compiled dropbear server is from 2006. Is it sufficiently safe?

2. Would you suggest any better method to sync via internet (besides vpn)?

best!
m.


#2 2012-11-13 23:49:44

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: Expose NAS with dropbear to internet - risks / precautions?

maako wrote:

1. The pre-compiled dropbear server is from 2006. Is it sufficiently safe?

It's not safe, but you can lower the risk with some random 5-digit port number, which will not get scanned as often as the default port, but it also depends on your IP address. I think attackers rarely scan the full range of ports in dynamic IP blocks.

If you use some kind of firewall in front of the NAS (an OpenWrt router or something like that), then you can specify a source IP range which will be accepted and forwarded to the NAS.


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

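The source-range restriction suggested in post #2 is also something you can verify after the fact from the NAS's own log: if the router really only forwards from the allowed ranges, every connection dropbear records should come from one of them. The script below is an added example for this thread, not code from the original posts or from the dropbear project. It parses constructed sample lines written in the style of dropbear's syslog messages (the exact message wording, the hostnames and the address ranges are assumptions) and reports failed password attempts per source address, successful logins, and any event whose source lies outside the allowed ranges.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the remote sites the NAS owner syncs from (the "source ip range"
# that the firewall in front of the NAS is supposed to accept).
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
]

# Constructed sample log, modelled on dropbear's syslog output. The exact
# message text is an assumption; adjust the patterns below to your version.
SAMPLE_LOG = """\
Nov 14 02:11:07 nas dropbear[1831]: Child connection from 203.0.113.20:51022
Nov 14 02:11:09 nas dropbear[1831]: Pubkey auth succeeded for 'backup' from 203.0.113.20:51022
Nov 14 03:40:51 nas dropbear[1902]: Child connection from 192.0.2.77:60410
Nov 14 03:40:53 nas dropbear[1902]: Bad password attempt for 'root' from 192.0.2.77:60410
Nov 14 03:40:55 nas dropbear[1902]: Bad password attempt for 'root' from 192.0.2.77:60410
Nov 14 03:41:02 nas dropbear[1903]: Login attempt for nonexistent user from 192.0.2.77:60412
Nov 14 04:12:30 nas dropbear[1950]: Password auth succeeded for 'maako' from 198.51.100.7:40210
"""

# "<anything> from <ipv4>:<port>" at the end of a dropbear line.
LINE_RE = re.compile(
    r"dropbear\[\d+\]: (?P<msg>.+?) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*$"
)
USER_RE = re.compile(r"for '(?P<user>[^']+)'")


def is_allowed(ip_str, allowed):
    """True if the address falls inside one of the allowed source networks."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in allowed)


def classify(msg):
    """Map a dropbear message (without the 'from ip:port' tail) to an event kind."""
    if msg.startswith("Bad password attempt") or msg.startswith(
        "Login attempt for nonexistent user"
    ):
        return "failed"
    if "auth succeeded" in msg:
        return "success"
    if msg.startswith("Child connection"):
        return "connect"
    return "other"


def analyze(log_text, allowed):
    """Summarise a dropbear log against the allowed source ranges.

    Returns a dict with:
      outside_sources: Counter of events per address not in `allowed`
      failed_by_ip:    Counter of failed login attempts per address
      successes:       list of (user, ip, was_allowed) for successful logins
    """
    report = {"outside_sources": Counter(), "failed_by_ip": Counter(), "successes": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a dropbear line with a source address
        ip, msg = m["ip"], m["msg"]
        allowed_src = is_allowed(ip, allowed)
        if not allowed_src:
            # The firewall should have dropped this; seeing it means the
            # source restriction is not effective.
            report["outside_sources"][ip] += 1
        kind = classify(msg)
        if kind == "failed":
            report["failed_by_ip"][ip] += 1
        elif kind == "success":
            u = USER_RE.search(msg)
            report["successes"].append((u["user"] if u else None, ip, allowed_src))
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG, ALLOWED_SOURCES)
    for ip, n in r["outside_sources"].items():
        print(f"WARNING: {n} event(s) from {ip}, outside the allowed source ranges")
    for ip, n in r["failed_by_ip"].items():
        print(f"{n} failed login(s) from {ip}")
    for user, ip, ok in r["successes"]:
        print(f"login as {user!r} from {ip} ({'allowed' if ok else 'NOT allowed'} source)")
```

Run it against `/var/log/messages` (or wherever syslog on the NAS puts dropbear's output) instead of the constructed sample; a non-empty `outside_sources` means the router's source restriction or port forward is not doing what you expect, and a successful login from a non-allowed address deserves immediate attention.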

#3 2012-12-08 12:18:47

maako
New member
Registered: 2012-11-11
Posts: 3

Re: Expose NAS with dropbear to internet - risks / precautions?

Heyho Sala,

thanks a lot for your help! I'll sure use a 5-digit port. I also talked to a friend who's into admin. He said there's no big risk. You can only exploit dropbear if you've already got an account (with minimum rights).
http://packetstormsecurity.org/search/? … mp;s=files

What do you think about using Debian instead?

Best + thanks again!
m.
