
Author Topic: DNS-321 FTP Vulnerability  (Read 16215 times)

Gumz

  • Level 1 Member
  • *
  • Posts: 5
DNS-321 FTP Vulnerability
« on: November 14, 2009, 11:06:03 PM »

Not sure what the vulnerability is, but I had the FTP server on my DNS-321 enabled and the port forwarded from my router, and someone managed to change the password on my NAS. Not sure how much damage they did, but I definitely had an active FTP connection from Japan (IP: 219.111.6.132); I found it on my router.

This is both a warning (don't port forward your FTP) and a report to developers hoping they find the vulnerability and patch it.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-321 FTP Vulnerability
« Reply #1 on: November 15, 2009, 06:22:28 AM »

How secure were your passwords on the FTP server?  If you're not careful, a simple dictionary attack on the server would be all it takes.

That being said, I would like to see the FTP server have a 15-minute lockout for, say, 3 failed connection attempts, just to prevent such attacks.
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.
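
The lockout proposed in the reply above (3 failed attempts, 15-minute lockout), sketched as an added example; it is not part of the original posts and not D-Link firmware code. Keying on client IP, the 15-minute counting window, and the names `LoginThrottle` and `replay` are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3            # from the post: "3 failed connection attempts"
LOCKOUT_SECONDS = 15 * 60   # from the post: "15 minute lockout"
WINDOW_SECONDS = 15 * 60    # assumption: only failures this recent are counted


class LoginThrottle:
    """Per-client lockout for a login service (hypothetical helper)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def record(self, ip, now, password_ok):
        """Return 'rejected', 'ok', 'failed' or 'locked' for one attempt."""
        if self.locked_until.get(ip, 0) > now:
            # During lockout even a correct password is refused; this is
            # what makes a dictionary attack impractically slow.
            return "rejected"
        if password_ok:
            self.failures.pop(ip, None)     # success resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "failed"


def replay(events):
    """Run (seconds, client_ip, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.record(ip, ts, ok) for ts, ip, ok in events]


# Constructed sample events using documentation-range IP addresses.
SAMPLE = [
    (0, "198.51.100.7", False),
    (5, "198.51.100.7", False),
    (9, "198.51.100.7", False),       # third failure: lockout begins
    (12, "198.51.100.7", True),       # correct guess during lockout: refused
    (20, "192.0.2.10", False),        # a different client is unaffected
    (25, "192.0.2.10", True),
    (9 + 900, "198.51.100.7", True),  # lockout has expired
]
```

At three guesses per 15 minutes a client gets at most 288 attempts a day, so the scheme only helps if the password is not among the first few hundred a dictionary would try.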

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: DNS-321 FTP Vulnerability
« Reply #2 on: November 16, 2009, 01:17:06 AM »

So you're saying they changed your admin login password to your NAS? But you only had the FTP port open? It doesn't really make too much sense to me since they are not linked so you are going to have to give more detail. Which firmware are you running?

JoeSchmuck

  • Level 3 Member
  • ***
  • Posts: 231
  • Retired Rocket Scientist
Re: DNS-321 FTP Vulnerability
« Reply #3 on: November 16, 2009, 02:51:55 PM »

I think you should make a formal security bug report and provide specific details.  I don't see how someone breached the FTP server but I'm sure it's possible given the right tools.  But if someone was to breach and change the password, did they do something else?  Did they add something like fun plug?  Is this connected to a home or company system?

I agree with GRJ, a login freeze would be helpful but I'd also like to see a disable option for the FTP server.  Mine is always running even though I have no shared directories.  It's unsettling not having a disable option.

-Joe

ECF

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2692
Re: DNS-321 FTP Vulnerability
« Reply #4 on: November 16, 2009, 03:16:23 PM »

The stop FTP button is right there at the bottom of the FTP config page. By default it is stopped until a share is created.
Never forget that only dead fish swim with the stream

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-321 FTP Vulnerability
« Reply #5 on: November 16, 2009, 05:09:50 PM »

ECF beat me to it, my FTP server in the DNS-321 is disabled, I've never configured it.  I have the FTP server on the DNS-323 running, but I only open the ports when I want to share some data, I'm not that confident in the security of the FTP server in these boxes.

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: DNS-321 FTP Vulnerability
« Reply #6 on: November 16, 2009, 05:27:27 PM »

> The stop FTP button is right there at the bottom of the FTP config page. By default it is stopped until a share is created.

Just to add to that, it is disabled until a share is added to the FTP SERVER section. It does not enable when setting up network access settings.

JoeSchmuck

  • Level 3 Member
  • ***
  • Posts: 231
  • Retired Rocket Scientist
Re: DNS-321 FTP Vulnerability
« Reply #7 on: November 17, 2009, 07:36:13 AM »

Well it's odd that there is a Status page that states "Started".  Am I the only one that has this?  My FTP was never changed from the initial default.  I have no shared files so I know it's not sharing those.  Also if I click "Stop FTP Server", the status changed to "Stopped".  If I reboot the NAS the FTP Server is started again.

So tell me again the FTP server is not running.  I'm not trying to be pig headed here but I'll post screen shots if you like.  I could be screwed up.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-321 FTP Vulnerability
« Reply #8 on: November 17, 2009, 07:55:55 AM »

I just checked mine and it's stopped.  I restarted the DNS-321 and the FTP server is still stopped according to the status page.

Try resetting to factory defaults and reconfiguring, see if that doesn't sort it out.

ECF

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2692
Re: DNS-321 FTP Vulnerability
« Reply #9 on: November 17, 2009, 09:36:36 AM »

Also try stopping it and log out of the unit. Is it still stopped when you go back to it?

JoeSchmuck

  • Level 3 Member
  • ***
  • Posts: 231
  • Retired Rocket Scientist
Re: DNS-321 FTP Vulnerability
« Reply #10 on: November 17, 2009, 07:08:13 PM »

Mine is still stopped from when I manually stopped it.  I turned off the NAS (shutdown) and turned it back on again.  Okay, it's not running.  You know I hate that when I'm wrong but I'm going to keep an eye on it because I know I've stopped it several times and it keeps turning itself back on.  Maybe I'm doing something somehow to the NAS but really it just sits there day and night.  I don't have fun plug or any other applications, just the 1.03 firmware.  If it starts itself within the week, I'll post it.

As for the FTP hacker changing the root password, is that possible?

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-321 FTP Vulnerability
« Reply #11 on: November 18, 2009, 06:52:03 AM »

Ghosts? :D

JoeSchmuck

  • Level 3 Member
  • ***
  • Posts: 231
  • Retired Rocket Scientist
Re: DNS-321 FTP Vulnerability
« Reply #12 on: November 18, 2009, 03:33:31 PM »

> Ghosts? :D

Got to me.  I just checked it and it's been over 24 hours and the server is still stopped.  Damn Ghosts  ;)

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: DNS-321 FTP Vulnerability
« Reply #13 on: November 18, 2009, 03:57:28 PM »

Yep, they haunt all electronic devices, and computer related devices are especially vulnerable! :D

Bett0

  • Guest
Re: DNS-321 FTP Vulnerability
« Reply #14 on: November 18, 2009, 04:20:38 PM »

I don't think it was a ghost, he also came into the Forum for assistance.  ;D

> Not sure what the vulnerability is,

Gumz,
May I suggest disabling UPnP on all devices. Also scan your computer. Also password protect your networked computers. Though maybe, just maybe, someone may have jumped into your network.