DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2007-11-13 06:39:25
- NickInSanDiego
- Member
- Registered: 2007-06-28
- Posts: 8
General FTP Question
Using the original 1.03 firmware, should I be concern with leaving FTP service port 21 expose to the internet? Using strong passwords, am I still vulnerable to any brute force break-ins?
Offline
#2 2007-11-14 02:06:39
- fickle
- Member
- From: Melbourne, Australia
- Registered: 2007-09-10
- Posts: 249
Re: General FTP Question
there is always a risk. if you want to be safe, turn FTP off.. if you want FTP on, then you would just have to take your chances. doubtful anyone would try to 'hack' you, but hey, kids are kids ... grrr .. kids
Offline
#3 2007-11-15 07:10:18
- cosmolee
- New member
- Registered: 2007-11-15
- Posts: 4
Re: General FTP Question
FTP over the Internet is insecure. Passwords and data are transmitted *unencrypted*.
Does anybody know if one can run ssh and sftp on the devices? As far as I'm concerned, loging in w/ unencrypted passwords over the Internet is a deal-breaker...
Cosmo
Last edited by cosmolee (2007-11-16 02:00:46)
Offline
#4 2007-11-15 17:27:28
- HaydnH
- Member
- Registered: 2007-09-28
- Posts: 187
Re: General FTP Question
A ssh daemon (dropbear) comes with fun_plug. You don't really need sftp, you can use scp (or pscp which comes with putty if you're on windows. Examples:
# scp localfile.ext user@192.168.1.2:/mnt/HD_a2/path/
# scp user@192.168.1.2:/mnt/HD_a2/path/localfile.ext /var/tmp/
C:\> pscp localfile.ext user@192.168.1.2:/mnt/HD_a2/path/
C:\> pscp user@192.168.1.2:/mnt/HD_a2/path/localfile.ext c:\tmp\
Haydn.
Offline
#5 2009-12-16 09:24:14
- Adain
- New member
- Registered: 2009-12-16
- Posts: 1
Re: General FTP Question
Thank you. I just tried it and it works fine for me.
------------------------------------------
FTP Brute Force
Offline