Loading ...
Sorry, an error occurred while loading the content.

re: Article on LinkStation in 3/05 Business 2.0 Magazine

Expand Messages
  • David E. Yashar
    Hello Group: In the March 2005 issue of Business 2.0 magazine, there is an article on the Linkstation (
    Message 1 of 5 , Mar 6, 2005
    View Source
    • 0 Attachment
      Hello Group:

      In the March 2005 issue of Business 2.0 magazine, there is an article on
      the Linkstation (
      http://www.business2.com/b2/web/articles/0,17863,1028313,00.html ). The
      author (Matthew Maier) states that is "biggest problem was attempting to
      use the LinkStation from his [remote] office."

      He continues: "At home I thought of the LinkStation as a virtual drop box
      -- a place where I could store and retrieve files conveniently, regardless
      of PC or location. Yet when I tried to save a large file to it from work, I
      got a 'server not found' message. My LinkStation, which I knew was on and
      connected to the Internet at home, had dropped off the face of the Net. A
      Buffalo tech support rep -- who, unlike the company's manual writers,
      speaks perfectly clear English -- gave me unhelpful instructions: Configure
      my Wi-Fi router to forward traffic to my LinkStation. That advice resulted
      in fruitless hours of router tinkering. In the end, thanks to some friendly
      folks on the DSLReports.com forums, a popular site for broadband users, I
      got remote access up and running.
      <http://www.business2.com/b2/web/articles//b2/webguide/0,17811,70294,00.html>Comcast
      (CMCSK), my broadband provider, had given me a dynamic IP address. Static
      IP addresses, while more flexible, can cost $30 a month more, and security
      experts view them as a potential risk, since they can make your computer
      easier for hackers to find. The inexpensive workaround was to use a system
      called dynamic DNS to give my home network the equivalent of a static IP. I
      signed up for free service at DynDNS.org. Armed with a temporary fixed
      address, I could now find my LinkStation and get to my home files."

      Could someone clarify why using the dynamic IP address assigned to him by
      Comcast was the problem? If that was the case, he would have been unable
      to access any of the computers in his network; and yet the article never
      mentions this. Perhaps the public IP address changed in the time it took
      to go from home to office; but dynamic IP addresses rarely change with
      cable modems.

      Or as he states, does one need to use PORT FORWARDING (as set up in his
      router) to remotely access the Linkstation?

      Thanks,
      David Y.
    • Tim Lewis
      ... I bet it s worse than that. I m guessing that he was using his LinkStation s internal IP address instead of the router s external IP address. Using
      Message 2 of 5 , Mar 7, 2005
      View Source
      • 0 Attachment
        David E. Yashar wrote:
        >
        > Could someone clarify why using the dynamic IP address assigned to him by
        > Comcast was the problem? If that was the case, he would have been unable
        > to access any of the computers in his network; and yet the article never
        > mentions this. Perhaps the public IP address changed in the time it took
        > to go from home to office; but dynamic IP addresses rarely change with
        > cable modems.

        I bet it's worse than that. I'm guessing that he was using his LinkStation's
        internal IP address instead of the router's external IP address. Using
        DynDNS obviously solved this, since he used a name assigned to his external IP
        address instead.

        My particular favorite, "security experts view them [static IPs] as a potential
        risk, since they can make your computer easier for hackers to find".

        This is bad information that provides a false sense of security. You are not
        any safer with a dynamic address than you are with a static IP address:

        1. At the time of this post, the time between attacks on the average IP
        address is 23 minutes, which I guarantee is lower than your DHCP
        lease time.
        2. Many worms randomly generate an address to attack. The probability
        of hitting a dynamic address is as high as hitting a static one
        (i.e. it wouldn't matter even if you received a new IP address every minute)
        3. The DHCP address pools of different ISPs are pretty well known.
        4. Some ISPs assign a DNS name to your dynamic IP address. This name
        may not change even though your IP address changes.
        5. Some ISPs, like Comcast (the author's ISP), change dynamic client IP
        addresses infrequently. They reuse the same DHCP address each time a
        client renews their lease. Basically, you end up having a dynamically
        assigned static IP address.
        6. If you, like the author, use Dynamic DNS, your IP address can be found
        easily no matter what it is at the moment.

        - Tim
      • Paul Milligan (home)
        Thanks for your (disconcerting) point #1. I always thought you d be safe leaving an IP unprotected for a couple of days! I think the important point to make
        Message 3 of 5 , Mar 7, 2005
        View Source
        • 0 Attachment
          Thanks for your (disconcerting) point #1. I always thought you'd be safe leaving an IP unprotected for a couple of days!

          I think the important point to make for this type of useage is that a VPN seems to be mandatory. Given that few people would set up much security on their home share, an intrusion seems almost certain.

          I'll never be quite so complacent about security again!



          Tim Lewis wrote:
          David E. Yashar wrote:
          >
          > Could someone clarify why using the dynamic IP address assigned to him by
          > Comcast was the problem?  If that was the case, he would have been unable
          > to access any of the computers in his network;  and yet the article never
          > mentions this.  Perhaps the public IP address changed in the time it took
          > to go from home to office;  but dynamic IP addresses rarely change with
          > cable modems.

          I bet it's worse than that.  I'm guessing that he was using his LinkStation's
          internal IP address instead of the router's external IP address.  Using
          DynDNS obviously solved this, since he used a name assigned to his external IP
          address instead.

          My particular favorite, "security experts view them [static IPs] as a potential
          risk, since they can make your computer easier for hackers to find".

          This is bad information that provides a false sense of security.  You are not
          any safer with a dynamic address than you are with a static IP address:

          1.  At the time of this post, the time between attacks on the average IP
               address is 23 minutes, which I guarantee is lower than your DHCP
               lease time.
          2.  Many worms randomly generate an address to attack.  The probability
               of hitting a dynamic address is as high as hitting a static one
               (i.e. it wouldn't matter even if you received a new IP address every minute)
          3.  The DHCP address pools of different ISPs are pretty well known.
          4.  Some ISPs assign a DNS name to your dynamic IP address.  This name
               may not change even though your IP address changes.
          5.  Some ISPs, like Comcast (the author's ISP), change dynamic client IP
               addresses infrequently.  They reuse the same DHCP address each time a
               client renews their lease.  Basically, you end up having a dynamically
               assigned static IP address.
          6.  If you, like the author, use Dynamic DNS, your IP address can be found
               easily no matter what it is at the moment.

          - Tim


        • Tim Lewis
          ... A VPN is definitely necessary if you want to use Windows filesharing over the Internet safely. In Windows filesharing, there are certain files which can
          Message 4 of 5 , Mar 7, 2005
          View Source
          • 0 Attachment
            Paul Milligan (home) wrote:
            >
            > I think the important point to make for this type of useage is that a
            > VPN seems to be mandatory. Given that few people would set up much
            > security on their home share, an intrusion seems almost certain.

            A VPN is definitely necessary if you want to use Windows filesharing
            over the Internet safely. In Windows filesharing, there are certain
            files which can be automatically executed by your machine when you
            connect to a share, and some viruses take advantage of this fact, by
            placing malicious code on an unprotected share.

            Regarding VPNs...

            I would steer clear of PPTP, as there are some security issues with some
            implementations, which, I'm not sure were entirely resolved.

            IPSec is the de facto technology for VPN. The advantages of IPSec, are
            that it is standards compliant, supported by multiple vendors, and available
            in relatively inexpensive hardware. IPSec VPNs can be difficult to set up
            unless you have dedicated hardware (i.e. a VPN router) at both endpoints.
            One thing that I've noticed when using an IPSec VPN is that there is a larger
            performance hit on Windows filesharing than on other protocols (i.e. you can
            transfer files faster using FTP over IPSec).

            Another solution is the OpenVPN (http://openvpn.net/) software. It supports
            most platforms, and is fairly easy to set up. It isn't an IPSec VPN, but
            instead relies on SSL to handle its security. The disadvantage is that you
            would need a machine to run it on, or be able to compile it for your LinkStation.

            One thing to keep in mind when using VPN is that it provides a secure tunnel
            for any type of IP traffic to your network. This may not be what you want.
            If all you need to do is transfer files, then you may want to look into a
            solution that provides only file transfer.

            One solution that can provide this is SSH. SSH is not a VPN, but rather secure
            shell access that provides file transfer capability. Programs like WinSCP can
            make it easy to browse your files on Windows with SSH, and can be easily stored
            on a USB keychain. The disadvantage is that you would need a machine to run the
            server on, or be able to compile it for your LinkStation.

            - Tim
          • Tim Lewis
            ... I should probably mention that the average survival time has gone up. Last April, it stood at around 15 minutes. You have to keep in mind, though, that
            Message 5 of 5 , Mar 7, 2005
            View Source
            • 0 Attachment
              Paul Milligan (home) wrote:
              > Thanks for your (disconcerting) point #1. I always thought you'd be safe
              > leaving an IP unprotected for a couple of days!

              I should probably mention that the average survival time has gone up.
              Last April, it stood at around 15 minutes.

              You have to keep in mind, though, that this is an average survival time.
              It may be lower or higher for your particular case. On Comcast, for instance,
              the attacks hit my router about every 5-10 minutes.

              The important thing to realize is that you do not have enough time to
              download OS patches before you will be infected, so do not connect
              a machine unless you have it firewalled.

              - Tim
            Your message has been successfully submitted and would be delivered to recipients shortly.