Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[iambigred]

Hi,

One of the key reasons I purchased the DNS320 is to access files remotely from my office or parents house.  FTP seems to be the only option available to do this, so I enabled the FTP server, set my router to forward the ports to allow external access.

However, it seems that by default anonymous read/write access is permitted to the P2P folder (containing complete/incomplete bittorrent downloads) and to any external disk connected to the USB port.

There seems to be no way to turn this off which is a massive potential security risk.  Had I not realized these shares were exposed by default then my personal documents and data would have been accessible and vulnerable to anyone that happened to be scanning for open FTP servers.

In the web interface when I select either the P2P or USB volume share it does not allow me to edit them in order to disable FTP on these exposed shares.

Allowing anonymous read/write access by default is not a users desired or expected behavior!

Alex

[hoppo1]

That does seem to be the default I have just enabled p2p and the share has ftp anonymous read / write by default  I dont use ftp nor have it forwarding from my router but that is quite a worry if I did.

[D-Link Multimedia]

This will be fixed next firmware. You will be able to modify the share settings.

[iambigred]

Is there a release date for the new firmware?  If it takes too long then I might have to return the unit.

[D-Link Multimedia]

I have a beta firmware already on hand that has this change. So soon but a little longer for official release.

[hoppo1]

How do you apply for beta? I have some issues that hopefully will be fixed in beta that could be fed back as part of the beta program.

thanks.

[D-Link Multimedia]

I run public betas in the Beta sub-forum. Once it is posted there you can grab a copy from our ftp. (link will be provided in the sub-forum when available)

[Borkis72]

Is the beta up yet? To have an all open FTP is not what i expected when I bought my DNS-320. I need a fix for this fas. I should have bought the Netgear NAS...

[D-Link Multimedia]

I am working on getting the beta up by today hopefully.

[AMcK]

I have the latest firmware 2.03 dated 02/21/2012. Does this allow me to disable guest access to P2P and FTP. If so, how is it configured. By default, guest FTP access appears to be open. Regards. Andrew 

[bohemus]

Still appears that external USB drives are still shared by default over FTP to all users.