DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2012-11-11 12:36:51
- maako
- New member
- Registered: 2012-11-11
- Posts: 3
Expose NAS with dropbear to internet - risks / precautions?
Heyho,
I bought two ch3wnas pretty cheaply and use them for backup purposes. I am thinking about exposing one to the internet as a dropbear-ssh-fs.
I haven't installed dropbear, yet. It seems to be the easiest solution..
1. The pre-compiled dropbear-server is from 2006.. Is it sufficiently safe?
2. Would you suggest any better method to sync via internet (besides vpn)?
best!
m.
Offline
#2 2012-11-13 23:49:44
Re: Expose NAS with dropbear to internet - risks / precautions?
maako wrote:
1. The pre-compiled dropbear-server is from 2006.. Is it sufficiently safe?
Its not safe, but you can lower the risk with some random 5 digit port number, which will not get scanned so often as default port, but it also depends on your ip address. I think attackers rarely scan full range of ports in dynamic ip blocks.
If you use some kind of firewall before NAS (Openwrt router or something like that), then you can specify source ip range which will be accepted and forwarded to nas.
• DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
• NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS
Offline
#3 2012-12-08 12:18:47
- maako
- New member
- Registered: 2012-11-11
- Posts: 3
Re: Expose NAS with dropbear to internet - risks / precautions?
Heyho Sala,
thanks a lot for your help! I'll shure use a 5dig port. I also talked to a friend, who's into admin. He said there's no big risk. You can only exploit dropbear if you've got already an account (with minimum rights).
http://packetstormsecurity.org/search/? … mp;s=files
What do you think about using Debian instead?
Best + Tnx again!
m.
Offline