DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2007-10-06 23:03:20

fullcity
Member
Registered: 2007-09-19
Posts: 9

How do I know if my 323 is secure?

Port 21 open... port 80 also open. Only 3 users - all with discrete passwords. No anonymous users.

I am seeing traffic on my 323 when I know no one should be connected. Any ideas?

#2 2007-10-06 23:29:40

KRH
Member
From: Denmark
Registered: 2006-10-27
Posts: 219

Re: How do I know if my 323 is secure?

The web interface is not secure. If you really need access to it from outside, you need to have some firewalling done by your router.

FTP ports are always scanned for open ports, and the built-in FTP server is known for having open ports.


First user to fun_plug the dns-323.

#3 2007-10-06 23:42:33

fullcity
Member
Registered: 2007-09-19
Posts: 9

Re: How do I know if my 323 is secure?

KRH wrote:

The web interface is not secure. If you really need access to it from outside, you need to have some firewalling done by your router.

Ok, so disable the web interface... My router is forwarding port 80. What else do I need to do other than disable the forwarding?

KRH wrote:

FTP ports are always scanned for open ports, and the built-in FTP server is known for having open ports.

What do you mean by "known for having open ports"? Are you saying that the FTP is not secure enough to use? What else can I do other than limit the number of users and disable anonymous?

Last edited by fullcity (2007-10-06 23:43:18)

#4 2007-10-07 19:48:34

mig
Member
From: Seattle, WA
Registered: 2006-12-21
Posts: 532

Re: How do I know if my 323 is secure?

You could try a network analyzer like Wireshark http://www.wireshark.org/ to capture the traffic and determine what Ethernet activity you are seeing.


DNS-323 • 2x Seagate Barracuda ES 7200.10 ST3250620NS 250GB SATAII (3.0Gb/s) 7200RPM 16MB • RAID1 • FW1.03 • ext2 
Fonz's v0.3 fun_plug http://www.inreto.de/dns323/fun-plug

#5 2007-10-10 13:39:58

fullcity
Member
Registered: 2007-09-19
Posts: 9

Re: How do I know if my 323 is secure?

mig wrote:

You could try a network analyzer like Wireshark http://www.wireshark.org/ to capture the traffic and determine what Ethernet activity you are seeing.

Wow, thanks! Great tool.

Any idea how I can use it to see if anyone is accessing my FTP? :D

Adam

#6 2007-10-10 15:09:03

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: How do I know if my 323 is secure?

Yes - use it to capture the traffic to/from the DNS-323 and then analyze it for ftp packets (port 20) - good luck.

#7 2007-10-10 15:35:58

fullcity
Member
Registered: 2007-09-19
Posts: 9

Re: How do I know if my 323 is secure?

fordem wrote:

Yes - use it to capture the traffic to/from the DNS-323 and then analyze it for ftp packets (port 20) - good luck.

Thanks! Having never used a sniffer can you give me a slight point in the right direction? What kind of things should I be looking for? If the DNS323 is wired to my router can I watch the traffic between it and my router using my laptop's wireless card as an interface? I assume not.

Thanks!

#8 2007-10-10 15:39:06

fullcity
Member
Registered: 2007-09-19
Posts: 9

Re: How do I know if my 323 is secure?

KRH wrote:

FTP ports are always scanned for open ports, and the built-in FTP server is known for having open ports.

fullcity wrote:

What do you mean by "known for having open ports"? Are you saying that the FTP is not secure enough to use? What else can I do other than limit the number of users and disable anonymous?

Any chance someone could clarify this for me? What other open ports are there and what else can I do to lock down security? The only port I am forwarding from my router to the DNS323 is port 21 for FTP. Doesn't this prevent any additional traffic from getting to the 323?

Thanks!

#9 2007-10-10 16:43:32

fordem
Member
Registered: 2007-01-26
Posts: 1938

Re: How do I know if my 323 is secure?

fullcity wrote:

fordem wrote:

Yes - use it to capture the traffic to/from the DNS-323 and then analyze it for ftp packets (port 20) - good luck.

Thanks! Having never used a sniffer can you give me a slight point in the right direction? What kind of things should I be looking for? If the DNS323 is wired to my router can I watch the traffic between it and my router using my laptop's wireless card as an interface? I assume not.

Thanks!

You assume correctly - and in fact - if your router is the typical consumer grade, firewall/router/wireless access point/4 port switch, then you'll need to connect a hub between DNS-323 and the router and connect the laptop there in order to sniff the traffic.

Attempting to explain how to use a sniffer and what to look for is not something that I would attempt using a forum such as this - it's too complex for text based communication - you'll have to grab the documentation and start reading.  Essentially what you need to do is to create a filter which allows only the traffic of interest to be captured - deciding what is of interest is critical to prevent being completely overwhelmed by the volume of data - in fact I would not consider using a sniffer as a means of providing security unless you can automate the analysis - which is essentially turning it into an Intrusion Detection System.
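One way to automate the "filter, then analyze" approach described in the last post, as an added example that is not part of the original thread: it reads the text output of `tcpdump -nn` and counts new connections to the FTP control port (21, the port forwarded in the thread) per source, listing sources outside the LAN. The NAS address, LAN range, interface name and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

NAS_IP = "192.168.0.50"                       # assumed address of the DNS-323
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home LAN range
FTP_CONTROL_PORT = 21                         # the port forwarded in the thread

# Capture filter (libpcap/BPF syntax) keeping only the traffic of interest, e.g.
#   tcpdump -nn -i eth0 'host 192.168.0.50 and tcp port 21'
CAPTURE_FILTER = f"host {NAS_IP} and tcp port {FTP_CONTROL_PORT}"

# One line of `tcpdump -nn` output: time, src ip.port > dst ip.port, TCP flags
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def ftp_connection_attempts(lines):
    """Count new FTP control connections (bare SYN) to the NAS per source IP."""
    attempts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 TCP line, skip it
        if (m["dst"] == NAS_IP and int(m["dport"]) == FTP_CONTROL_PORT
                and m["flags"] == "S"):  # "S" = SYN only, i.e. a new connection
            attempts[m["src"]] += 1
    return attempts

def external_sources(attempts):
    """Return (ip, count) pairs for sources outside the LAN, most active first."""
    outside = {ip: n for ip, n in attempts.items()
               if ipaddress.ip_address(ip) not in LAN}
    return sorted(outside.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = """\
12:00:01.000001 IP 192.168.0.10.50111 > 192.168.0.50.21: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 192.168.0.50.21 > 192.168.0.10.50111: Flags [S.], seq 9, ack 2, win 5840, length 0
03:14:07.100000 IP 203.0.113.77.40001 > 192.168.0.50.21: Flags [S], seq 5, win 1024, length 0
03:14:09.100000 IP 203.0.113.77.40002 > 192.168.0.50.21: Flags [S], seq 6, win 1024, length 0
03:15:30.500000 IP 198.51.100.4.33000 > 192.168.0.50.21: Flags [S], seq 7, win 1024, length 0
03:15:31.500000 IP 198.51.100.4.33000 > 192.168.0.50.80: Flags [S], seq 8, win 1024, length 0
""".splitlines()

if __name__ == "__main__":
    for ip, count in external_sources(ftp_connection_attempts(SAMPLE)):
        print(f"{ip}: {count} FTP connection attempt(s) from outside the LAN")
```

The same capture filter string can be entered in Wireshark's capture options, since both tools use libpcap filter syntax.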
